Build secure mobile applications with Anastasiia Voitova
Mobile DevOps is a thing! - A podcast by Bitrise
Categories:
In this episode, we talked to cybersecurity expert Anastasiia Voitova about all things related to mobile app security: from the first and most important steps teams should take to prevent potential attacks to reaching a high level of DevSecOps maturity. Besides working at Cossack Labs as Head of Customer Solutions, where she builds data security tools that help companies protect sensitive data, Anastasiia also regularly talks about security & cryptography at conferences and is a community leader of WomenWhoCode Kyiv. In this episode In this episode, we talked about all aspects of app security: the benefits of integrating end-to-end security checks, zero-knowledge and zero-trust architectures, and cryptography best practices. We also discussed how mobile teams getting started with app security should approach the implementation of these practices, such as data encryption, authentication, dependency management, secure coding, etc. There are plenty of low-effort, high-reward steps they can take, enabling them to proactively prevent security incidents. We also asked for Anastasiia's opinion on what the future holds when it comes to app security and how she expects these practices to evolve in the coming years. Show notes: OWASP MASVS https://github.com/OWASP/owasp-masvs OWASP ASVS https://github.com/OWASP/ASVS OWASP SAMM https://owaspsamm.org/model/ https://github.com/vixentael/security-data-management-for-app-devs-workshop#list-of-defensive-appsec-tools-for-mobile-apps https://support.apple.com/guide/security/welcome/web https://developer.android.com/topic/security/best-practices https://speakerdeck.com/vixentael/maintaining-cryptographic-library-for-12-languages https://dev.to/cossacklabs/automated-software-security-testing-for-devs-part-1-gcf https://dev.to/cossacklabs/automated-software-security-testing-for-devs-part-2-47nm https://dev.to/cossacklabs/automated-software-security-testing-for-devs-part-3-4711 https://dev.to/cossacklabs/automated-software-security-testing-for-devs-part-4-18eh