Security controls

Why cryptocurrency wallets security is not about blockchain but about application security and user education? What crypto wallets and banking apps have in common? Are they as secure as banking apps? In her new talk, Julia goes into details, risks and threats of crypto wallets, design concerns and implementation issues, and gives practical advice for developers who want to make their apps more secure.

In his talk for the OWASP Zhytomyr community, Artur uncovers solutions to practical security issues every security engineer faces. The mobile application landscape is constantly changing – developers use new frameworks, Google demands new requirements and security features. Artur demonstrates the latest setup of a lab environment for security testing of Android apps. He uses it to illustrate how different apps implement specific OWASP MASVS requirements — like certificate pinning or root protection. Artur shows where to look to spot the missing security controls.

A “tips and tricks” talk for mobile developers. Even when developers create apps with security in mind, (at least try to) protect user secrets, and don’t reveal unencrypted data, attackers can still find ways to bypass these security measures by exploiting architectural weaknesses and non-obvious, yet very simple vulnerabilities. The talk is about all the tiny bits and pieces that are necessary for making your app secure against simple attacks way before focusing on the hard things (like cryptography).