Download pdf
Planning on introducing a mobile app into your product mix? Expect new attacks on your API infrastructure. Help Shipfast and ShipRaider battle for control of a driver delivery app by exploiting API keys, OAuth2 user authorization, TLS certificate pinning, HMAC call signing, app shielding/hardening, app attestation and more. Overview the unique challenges of API security with mobile clients.

Pre-Requisites: Understanding of basic API request/response operation in HTTP environments. Any exposure to REST, GraphQL, gRPC, streaming, or pub-sub communication is sufficient. Conceptual familiarity with user authentication, API keys, call authorization, and TLS concepts will help. Detailed understanding of Android, iOS, or backend server programming is NOT required.