SSL Traffic Interception on Mobile Devices - Analysis and Protection
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the world of SSL traffic interception on mobile devices in this 52-minute conference talk from APPSEC Cali 2018. Dive into an analysis of over ten million SSL validation failure reports from iOS and Android apps, uncovering where, how, and why SSL incidents occur globally. Discover various classes of SSL incidents, from well-known corporate traffic inspection to unexpected and suspicious actors. Learn about real-world solutions to protect mobile apps against traffic interception and attacks. Gain insights from Alban Diquet, Head of Engineering at Data Theorem, as he shares findings on security protocols, data privacy, and mobile security. Explore topics such as SSL pinning, server misconfigurations, development proxies, corporate networks, and spyware categories. Understand the implications of SSL interception for mobile app security and discover practical strategies for developers to enhance protection against potential threats.
Syllabus
Intro
SSL Pinning
SSL Reporting
The Data Set
Report Classification
Server Misconfiguration
Classification Categories
Development Proxies
Corporate Networks
Pins Misconfiguration
Spyware Categories
What Happened?
Spyware - Market Intel
Spyware - Ad Blocker
Spyware - Parental Control
What do we do?
Taught by
OWASP Foundation
Related Courses
Introduction to Data Analytics for BusinessUniversity of Colorado Boulder via Coursera Digital and the Everyday: from codes to cloud
NPTEL via Swayam Systems and Application Security
(ISC)² via Coursera Protecting Health Data in the Modern Age: Getting to Grips with the GDPR
University of Groningen via FutureLearn Teaching Impacts of Technology: Data Collection, Use, and Privacy
University of California, San Diego via Coursera