
Mobile DevOps is a thing! Build secure mobile applications with Anastasiia Voitova
Jun 2, 2021

Anastasiia Voitova, a security engineer at Cossack Labs, is an expert in application and data security. She discusses the critical first steps teams should take to enhance mobile app security, emphasizing risk assessment and integrating security into the SDLC. Anastasiia clarifies zero trust versus zero knowledge architectures and shares low-effort, high-reward practices to proactively prevent security issues. She also highlights the importance of regular security routines and resources for continuous improvement in app protection.
From Mobile Dev To Security Engineer
- Anastasiia described starting as an Objective-C mobile developer and then expanding into backend work and security.
- She moved from app development to application and data security after realizing developers had broad access to user data.
Zero Trust Versus Zero Knowledge
- Zero trust means you don't implicitly trust services inside your infrastructure and authenticate all connections.
- Zero knowledge means the system cannot see plaintext data because data is encrypted everywhere except at strict, minimal points.
Begin With Risk Assessment
- Start security with a risk assessment: identify sensitive data, regulations, and likely threats.
- Use that assessment to prioritize defenses like encryption, API protection, and throttling.



