2. It's-a me, Bertuzzi
• Thiago Bertuzzi has been a .NET developer for 15 years, working on Desktop, Services, Web and Mobile projects using Xamarin.
• Microsoft MVP in Developer Technologies
• Technical Lead / Mobile and .NET Architect at NESS
• Contributes to the Xamarin community by writing articles, sharing code, speaking at events and publishing NuGet packages.
3. This presentation is motivated by the implementation of best practices and tools to improve security in application development. All information is based on the needs and current scenario of NESS and IONIC.
Remember: Cybersecurity is everybody's business.
4. Security should be a priority at every stage of development
Do not use unofficial (non-original) themes, plugins, packages, services, etc.
Develop based on established patterns
Keep dependencies up to date
Test early and often enough
Automate processes to simplify security
5. Avoid Loss of Code
Align a standard with the team
One person responsible for the final code
Gitflow
Organization = Security
16. SonarCloud - Code Quality and Security
64,109 lines of code verified per month
24,132 lines of code to deploy an API to a CI/CD client
56,109 lines of code to deploy an API/Web with rules to a CI/CD client
56,109 x 3 monthly customers = 168,327
17. SonarQube - Open Source
Requires an infrastructure team to maintain it
Requires container management
Requires constant, ongoing maintenance
18. SonarQube - Open Source
1 million lines: 333 USD/month vs. 250 Euros
SonarCloud
Server cost + database + storage
25. Basic Security Tips
Authentication (OAuth2, Active Directory, IdentityServer)
HTTPS
Do not expose sensitive data in URLs (IDs, etc.)
JWT
Public key vs. private key
Sensitive data storage
Android root & jailbreak
Mobile secure storage
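The JWT and public/private key bullets go together: the issuer signs tokens with its private key, and API clients and resource servers verify them with the public key only, so the private key never leaves the server. The following .NET console program is an added example written for this page, not code from the presentation or from NESS. It assumes the NuGet package System.IdentityModel.Tokens.Jwt (which brings in Microsoft.IdentityModel.Tokens); the issuer, audience and RSA key pair are constructed in-process for the demo.

```csharp
// Added example (not from the original presentation): issue a JWT with an RSA
// private key and validate it with the public key only, as an API client would.
// Assumes the NuGet package System.IdentityModel.Tokens.Jwt. The key pair is
// generated in-process purely for the demo; a real issuer keeps its private key
// on the server and ships only the public key (or a JWKS URL) to verifiers.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

static class JwtDemo
{
    const string Issuer = "https://auth.example.test"; // constructed value
    const string Audience = "mobile-app";              // constructed value

    // Issuer side: sign with the PRIVATE key (RS256). Only the issuer holds it.
    static string IssueToken(RSA privateKey, string subject)
    {
        var creds = new SigningCredentials(new RsaSecurityKey(privateKey), SecurityAlgorithms.RsaSha256);
        var token = new JwtSecurityToken(
            issuer: Issuer,
            audience: Audience,
            claims: new[] { new Claim(JwtRegisteredClaimNames.Sub, subject) },
            notBefore: DateTime.UtcNow,
            expires: DateTime.UtcNow.AddMinutes(15),
            signingCredentials: creds);
        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    // Verifier side: validate with the PUBLIC key only. Pinning ValidAlgorithms
    // means a header that claims "alg":"none" or a symmetric algorithm is refused,
    // and the handler also enforces issuer, audience and the exp/nbf lifetime.
    static ClaimsPrincipal? Validate(RSAParameters publicKey, string jwt)
    {
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = Issuer,
            ValidAudience = Audience,
            IssuerSigningKey = new RsaSecurityKey(publicKey),
            ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 },
            ClockSkew = TimeSpan.FromSeconds(30),
        };
        try
        {
            return new JwtSecurityTokenHandler().ValidateToken(jwt, parameters, out _);
        }
        catch (SecurityTokenException ex)
        {
            Console.WriteLine($"rejected: {ex.GetType().Name}");
            return null;
        }
    }

    static void Main()
    {
        using var serverKey = RSA.Create(2048);              // private key, stays on the server
        var publicOnly = serverKey.ExportParameters(false);  // public half, safe to distribute

        string good = IssueToken(serverKey, "user-42");
        Console.WriteLine(Validate(publicOnly, good) is not null ? "valid token accepted" : "unexpected");

        // Token signed by some other key: signature check fails.
        using var otherKey = RSA.Create(2048);
        string wrongKey = IssueToken(otherKey, "user-42");
        Console.WriteLine(Validate(publicOnly, wrongKey) is null ? "token from wrong key rejected" : "unexpected");

        // Tampered payload: original header and signature, edited claims.
        string[] parts = good.Split('.');
        string tampered = parts[0] + "." + Base64UrlEncoder.Encode("{\"sub\":\"admin\"}") + "." + parts[2];
        Console.WriteLine(Validate(publicOnly, tampered) is null ? "tampered token rejected" : "unexpected");
    }
}
```

On the mobile side the same rule applies to the token itself: it is sensitive data, so it belongs in the platform's secure storage (Keychain on iOS, Keystore-backed storage on Android), never in a URL query string or plain preferences, and it should be sent only over HTTPS in an Authorization header.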