Pin the Key on the App... and Other Transport Security Fun

  • Webcast Aired Tuesday, 06 Jun 2017 3:00PM EDT (06 Jun 2017 19:00 UTC)
  • Speaker: Mark Geeslin

Public key (or certificate) pinning is a concept that has moved from relative obscurity just a few years ago to one that all mobile app developers should consider an absolute must for mastery today. Furthermore, with the continued erosion of trust in the Web's hierarchical PKI and the advent of new standards, such as HPKP, public key pinning has invaded conversations far beyond mobile development, being discussed and debated in all spheres of application security. When considered in light of the broader, encompassing subject of transport security, including HSTS and other, more recent security headers, the topic can sometimes appear overly complex and confusing.

This webcast will attempt to clear up some of that confusion, specifically for the Java developer, by covering the underlying concepts as well as the detailed steps for implementing public key pinning and other recent transport security mechanisms within your Java applications. This will be a very practical, \how-to" talk, from which developers should take away knowledge that can be immediately applied to projects underway. While the focus will be on Java, the concepts and steps will be largely applicable to Android as well as other languages.