Originally posted here: https://speakerdeck.com/vixentael/x-things-you-need-to-know-before-implementing-cryptography
This talk includes:
1. Handling user secrets with care (showing, storing, logging).
2. Input validation and password rules.
3. Handling transport connection.
4. And some tips and tricks that will confuse attackers.
Before we get deep into protocol vulnerabilities: things you should remember when designing your app flow from a security point of view.
This talk will focus on the copybook headings of infosec: what you need to know before the exciting stuff like cryptography and AI-assisted incident detection. For example, the choice of data you show in background mode, the choice of 3rd party SDKs, which logs we send and where...
Even when developers create apps with security in mind, protect user secrets, and don’t reveal unencrypted data, attackers can find ways to bypass these security measures by exploiting architectural weaknesses and unobvious, yet very simple, vulnerabilities. We will talk about all the tiny bits and pieces that are necessary to make your app secure against simple attacks, way before focusing on the hard things (like crypto).
This talk was made for CocoaHeads Kyiv #14, which took place on Oct 6, 2018.