Fortifying WKWebView: Security Checklist for iOS Engineers

About the talk

The native iOS ecosystem is well regarded for its strong security, featuring app sandboxing, a statically typed language for development, and libraries built with security in mind. However, developers occasionally need to venture beyond the native environment to incorporate web content. WebKit offers valuable support for securing these integrations. In this talk, I provide a practical checklist tailored for iOS engineers, who may not be security experts, to guide them in securely integrating web views into their applications.

This talk will cover:

  • Configuring WKWebView: establishing secure transport, managing cookies effectively, and serving HTML/CSS assets securely
  • A brief look at common attacks and strategies to defend against them
  • Methods for crafting a secure JavaScript bridge between Web and Native
  • A discussion of native APIs safe for web calls and those to avoid for minimizing security risks and maintaining app integrity

About the speaker

Valerii Popov

Valerii is a mobile engineer who specializes in building large-scale mobile applications with a focus on performance and security. Current interests include expanding knowledge in Rust and ML.
