by adrr
2882 days ago
Caveat: I am not a security expert by any means.

Starbucks app security is a good starter, and it's easy to implement their strategies in an existing app. If you add in iOS version checking, you can help mitigate the risk of getting attacked by a jailbroken device on an older version of iOS.

https://blog.tendigi.com/starbucks-should-really-make-their-...

Skype is probably best in terms of securing the app from prying eyes and modification. Here's a good read on how they protected the app and the reverse engineering effort needed to crack it.

http://www.oklabs.net/skype-reverse-engineering-genesis/

I threw my LinkedIn profile into my Hacker News profile. Feel free to add me.

I just listed stuff protecting the app; there are additional strategies to secure the API, including low-level packet inspection to detect proxies by looking at attributes like TCP timestamp or window size scale. Proxy-based attacks are the most common when it comes to financial fraud, as the hackers aren't US-based but need a residential US IP to avoid detection and IP ACLs.
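Added example (not part of the comment above, and not any vendor's code): the packet-level check it mentions, parsing the TCP options of a client's SYN and comparing window scale, timestamp use and option layout with what the genuine app's network stack sends. The `EXPECTED` profile, both SYN headers and the function names are constructed for illustration.

```python
import struct

NOP, MSS, WSCALE, TIMESTAMP = 1, 2, 3, 8  # TCP option kinds (0 = end of list)

def parse_syn(tcp: bytes) -> dict:
    """Pull the proxy-relevant fields out of a raw TCP SYN header."""
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    offset_flags, window = struct.unpack("!HH", tcp[12:16])
    hdr_len = (offset_flags >> 12) * 4
    if not 20 <= hdr_len <= len(tcp):
        raise ValueError("bad data offset")
    fp = {"window": window, "mss": None, "wscale": None, "tsval": None, "layout": []}
    opts, i = tcp[20:hdr_len], 0
    while i < len(opts) and opts[i] != 0:
        kind = opts[i]
        fp["layout"].append(kind)
        if kind == NOP:
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        length = opts[i + 1]
        body = opts[i + 2:i + length]
        if kind == MSS and length == 4:
            fp["mss"] = struct.unpack("!H", body)[0]
        elif kind == WSCALE and length == 3:
            fp["wscale"] = body[0]
        elif kind == TIMESTAMP and length == 10:
            fp["tsval"] = struct.unpack("!I", body[:4])[0]
        i += length
    return fp

def mismatches(fp: dict, profile: dict) -> list:
    """Fields where the observed SYN differs from what a genuine client sends."""
    checks = {
        "wscale": fp["wscale"] == profile["wscale"],
        "timestamps": (fp["tsval"] is not None) == profile["timestamps"],
        "layout": fp["layout"] == profile["layout"],
    }
    return [name for name, ok in checks.items() if not ok]

# Constructed profile and SYN headers (placeholders; measure your own app's traffic).
EXPECTED = {"wscale": 6, "timestamps": True, "layout": [2, 1, 3, 1, 1, 8, 4]}
SYN_DIRECT = bytes.fromhex("c00001bb0000000100000000b002ffff00000000"
                           "020405b4010303060101080a000012340000000004020000")
SYN_OTHER_STACK = bytes.fromhex("c00001bb0000000100000000a002faf000000000"
                                "020405b40402080a0badcafe0000000001030307")
```

The SYN is only visible where the client's TCP connection terminates, so this has to run on the edge host or load balancer that accepts the connection, not on an application server behind it.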