3 Ways to Secure Your React Native App - React Native - October 2019
HTML-код
- Опубликовано: 12 ноя 2019
- 3 ways to secure your React Native App by Christian Chown
In this talk, we'll outline how you can add JavaScript obfuscation, certificate pinning and root detection to your React Native app to secure your codebase, your API calls and your data
Twitter: @christianchown
Github: github.com/christianchown
Website: www.christianchown.com
_
About Pusher Sessions:
We're bringing the meetup to you. With Sessions, you can watch recordings of top-notch talks from developer meetups -- wherever and whenever you want.
Meetups are a great way to learn from our peers and to keep up with the latest trends and technologies. As developers ourselves, we at Pusher wanted to bring this great content to more people... So we built Sessions. On Sessions, you can watch talks that interest you and subscribe to be notified when new content gets added.
If you run a meetup and want to get involved, kindly get in touch.
_
About Pusher:
Pusher is a hosted service with APIs, developer tools and open source libraries that greatly simplify integrating real-time functionality into web and mobile applications.
Pusher will automatically scale when required, removing all the pain of setting up and maintaining a secure, real-time infrastructure.
Pusher is already trusted to do so by thousands of developers and companies like GitHub, MailChimp, the Financial Times, Buffer and many more.
Getting started takes just a few seconds: simply go to pusher.com and create a free account. Happy hacking! Наука
Great lecture ! public key pinning was added today to react-native-ssl-pinning
Awesome talk! Definitely helped me understand how security is a cumulative effort 💯
really good and helpful talk
Wonderful talk. Really helpful
Brilliant talk!
thank you!
Thank you so much for sharing such valuable information in a really simplified way
This guy should do a lot more talks!
Do you have react-native-obfuscating-transformer sample project or any video tutorial to implement?
Awesome
Awesome explanation 🤩
24:01 tearing up there fam? 😏 loll informative video btw thanks
Awesome video ✌️
Thanks again Christian. My extra piece of advice to add to this would be - never pay your existing developers for an entire sprint to do a penetration test on the app they built. Rookie mistake by me, very criminal behaviour to even entertain the idea and take £5k from me for 2 weeks work, which funnily enough returned that there was 'nothing wrong with the security on our app'. The main reason for this, is they were actually trying to steal the API from me, but implying I didn't care about security or user data, so of course making any recommendations to improve that would have been counter intuitive to their plans!
Can you please share the sample code that you have shown for javascript obfuscation?
You should still be able to pin the certificate itself and avoid bricking your app if you build a mechanism for updating it via push notifications.
Never got the obfuscation to work on my projects so I just did my own obfuscation on parts of my code that I wanted to protect. (Which wasn’t much) Using base64 encoding and decoding and meaningless identifier names.
Currently, Cydia apps called A-Bypass and Liberty can bypass almost all jailbreak detection. Anybody know any strategy to prevent that?
where can i find examples of the obfuscate.sh?
@Drix Barsali, Have you found or prepared obfuscate script? I tried something but it didn't work for my project.
@@ibrahim.ozdogan yes tried too.. but not able to implement... In the end the client choose for a paid solution
@@ibrahim.ozdogan how about you? were you able to find?
@@jalexander9929 Yes Alex. Due to the fact that there is not enough resources on the internet, it was hard to implement. But after a lot of tries, it's done. This the link - stackoverflow.com/questions/64265280/how-to-obfuscate-code-in-react-native-for-ios - that I've asked a question to StackOverflow in order to find a solution and helped me indeed.
@@ibrahim.ozdogan you are right, about it not being easy to implement! but thanks ill check it out
After I copied the code for Android obfuscation in the obfuscate.gradle file I tried to build the app and I got this issue
"Could not get unknown property 'apkDir' for task ':app:unzipAPK' of type org.gradle.api.tasks.Copy. "
Any reason for it??
do you have obfuscate.sh file?
Slides ?
docs.google.com/presentation/d/1LQcVEEMVFH2ESRLP6RW7MJoub_vjD0e1M62ZaRfW-bg/edit?usp=sharing
@@chrischown thanks for the video. but I'm finding it difficult to find obfuscate.sh file. can you point where I can get it?
where can I find obfuscate.sh ??