Pin the Key on the App... and Other Transport Security Fun

  • Tuesday, June 6th, 2017 at 3:00 PM EDT (19:00:00 UTC)
  • Mark Geeslin
This webcast has been archived.

Overview

Public key (or certificate) pinning is a concept that has moved from relative obscurity just a few years ago to one that all mobile app developers should consider an absolute must for mastery today. Furthermore, with the continued erosion of trust in the Web's hierarchical PKI and the advent of new standards, such as HPKP, public key pinning has invaded conversations far beyond mobile development, being discussed and debated in all spheres of application security. When considered in light of the broader, encompassing subject of transport security, including HSTS and other, more recent security headers, the topic can sometimes appear overly complex and confusing.

This webcast will attempt to clear up some of that confusion, specifically for the Java developer, by covering the underlying concepts as well as the detailed steps for implementing public key pinning and other recent transport security mechanisms within your Java applications. This will be a very practical, "how-to" talk, from which developers should take away knowledge that can be immediately applied to projects underway. While the focus will be on Java, the concepts and steps will be largely applicable to Android as well as other languages.

Speaker Bio

Mark Geeslin

Mark Geeslin is a Senior Principal Software Engineer and Director of Application Security at Asurion. Mark has been working in the software development and security industries for over 25 years in numerous and diverse environments, ranging from high-tech security start-ups to Fortune 100 companies. In recent years he has directed the application security programs at leading software technology firms in Silicon Valley. Besides his extensive experience as a software engineer, Mark's expertise includes large-scale application security assessments, penetration testing, threat modeling & architectural risk analysis, static & dynamic software security analysis, secure code review, and security research. Mark has earned advanced degrees in both computer science and theology, and currently holds the GWAPT, GMOB, GSSP-Java, GSSP-.NET, and GSEC certifications.
