Windows Phone App Security for Builders and Breakers

Explore Windows Phone app security for developers and penetration testers in this conference talk from AppSecEU 2015. Delve into encryption techniques, external services integration, secure data transfer, and protection against man-in-the-middle attacks. Learn about digital certificates, preventing internal data leakage, and implementing robust authentication and authorization mechanisms. Gain insights into secure coding practices, avoiding broken cryptography, and defending against client-side injection vulnerabilities. Examine practical examples and discover remediation strategies for common security issues in Windows Runtime applications. Enhance your understanding of mobile app security with expert guidance on language-specific considerations and effective browsing of the file system.

Introduction
Encryption
External Services
Secure Cutting
Secure Transfer
Maninthemiddle attacks
Digital certificates
Internal data leakage
Cache data leakage
Authentication authorization
Example
Secure Coding Tips
Broken Cryptography
Exotic Encryption
ClientSide Injection
Final Example
M8 Security Decision
Language
Tipsy
Encrypt
Windows Runtime Application
Remediation
Browsing the file system