So, You Want To Use A WebView? - Security Considerations and Best Practices
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the intricacies of using WebViews in mobile applications through this conference talk from AppSecEU 2015 in Amsterdam. Delve into various aspects including demonstrations, interfaces, testing methodologies, and security considerations. Learn about improvising techniques, interception methods, and the implications of using different URL schemes. Gain insights into threat modeling, targeted malware, and bug bounty programs. Examine the importance of trust chains, hostname verification, and certificate handling in WebView implementations. Conclude with a summary of key takeaways, recommendations for best practices, and additional resources for further learning.
Syllabus
Intro
Demonstration
Interfaces
Testing
Improvising
Interception
File Scheme
HTTPS
Trust Chain
hostname verification
trust
targeted malware
bug bounty
URL schemes
Threat model schemes
Threat model schemes demo
Summary
Thank you
Recommendations
Extras
Cert Printing
Taught by
OWASP Foundation
Related Courses
Android Penetration TestingYouTube OWASP TOP 10 Mobile - Riesgos de las aplicación móviles
Udemy Android Penetration Testing
Udemy Automated Third-Party Library Detection for Android Applications - Are We There Yet?
Association for Computing Machinery (ACM) via YouTube Exploiting Android Messengers with WebRTC
nullcon via YouTube