From 3955617f9d93e814755bfbad63fd7e016469acc0 Mon Sep 17 00:00:00 2001 From: Ana Polo Date: Wed, 11 Dec 2024 17:12:29 +0100 Subject: [PATCH] docs: add tip --- src/content/docs/security/security_in_mobile_apps.mdx | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/content/docs/security/security_in_mobile_apps.mdx b/src/content/docs/security/security_in_mobile_apps.mdx index 76774cc..f2ecc02 100644 --- a/src/content/docs/security/security_in_mobile_apps.mdx +++ b/src/content/docs/security/security_in_mobile_apps.mdx @@ -218,11 +218,12 @@ There are tools like AWS Secrets Manager and Google Cloud Secret Manager that he - [AWS Secrets Manager video](https://www.youtube.com/watch?v=-9nOyaM3kZk&t=26s) - [Google Cloud Secret Manager](https://cloud.google.com/secret-manager) -> ❗️**Take into account** -> +:::tip[Take into account] + Tools like **FreeRASP** and **obfuscation** techniques improve application security, they can't guarantee complete protection against cyber attacks. API keys and secrets stored on the client side are always vulnerable to extraction through reverse engineering, among other techniques. -> + One possible solution for increased security would be to implement a custom backend as it would protect these sensitive keys. This backend would handle API calls securely, keeping secrets hidden from the client. +::: More information on _M7: Insufficient Binary Protection_ [here.](https://owasp.org/www-project-mobile-top-10/2023-risks/m7-insufficient-binary-protection.html)
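Review bot: the `:::tip[Take into account]` opener turns what the removed `> ❗️**Take into account**` line flagged as a warning into a tip. The body states that API keys and secrets stored on the client side "are always vulnerable to extraction through reverse engineering", which is a caveat about the limits of FreeRASP and obfuscation, not an optional hint. If the docs framework offers a caution-style aside, using it here would keep the original emphasis. In the same block, the unchanged line "Tools like **FreeRASP** and **obfuscation** techniques improve application security, they can't guarantee complete protection" is a comma splice; opening it with "Although" would fix it while the paragraph is being rewrapped. The subject "docs: add tip" could also say that an existing blockquote is being converted, since no new guidance is added.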