Happy 2025 New Year Event: Join Our Working Cyber Incident Workshop Happy Hour


Details
Come have some fun with our OWASP Members and Cyber Fireside NJ: Join in hands-on learning with a few Rockstars sharing and teaching.
#### Workshop Purpose
The purpose of this workshop is to enhance the organization’s resilience against threats stemming from fake or malicious applications. By simulating an attack scenario involving a counterfeit app, participants will gain practical experience in identifying, preventing, and responding to such incidents.
This hands-on exercise is designed to strengthen cross-functional collaboration, reinforce secure app and API design principles, and ensure compliance with relevant regulatory frameworks.
#### Exercise Objectives
1. Detection and Prevention of Fake Applications
- Implement methods to identify and validate app integrity and authenticity using advanced runtime checks and mobile attestation solutions.
- Develop strategies to monitor and promptly remove counterfeit apps from app stores.
2. Securing API Communication
- Strengthen API security with app-specific integrity checks, token validation, and certificate pinning to prevent unauthorized interactions.
- Explore rate limiting and role-based access control (RBAC) as critical safeguards.
3. Hardening Server-Side Security
- Enforce robust input validation and access controls to mitigate server-side vulnerabilities.
- Simulate threat scenarios to test server-side resilience against credential stuffing and brute-force attacks.
4. Incident Monitoring and Response
- Enhance log analysis and telemetry used to detect and investigate rogue app activity.
- Design and implement a clear incident response playbook that includes user notification, regulatory compliance, and mitigation strategies.
