Download pdf
Planning on introducing a mobile app into your product mix? Expect new attacks on your API infrastructure. Help Shipfast and ShipRaider battle for control of a driver delivery app by exploiting API keys, OAuth2 user authorization, TLS certificate pinning, HMAC call signing, app shielding/hardening, app attestation and more. Overview the unique challenges of API security with mobile clients.

Pre-Requisites: Understanding of basic API request/response operation in HTTP environments. Any exposure to REST, GraphQL, gRPC, streaming, or pub-sub communication is sufficient. Conceptual familiarity with user authentication, API keys, call authorization, and TLS concepts will help. Detailed understanding of Android, iOS, or backend server programming is NOT required.
Presenters