iOS/Swift developer (m/f)

Copenhagen, Region Hovedstaden - On-site
This project is archived and unfortunately no longer active.

Description

We are currently looking for two iOS/Swift developers (m/f) to join an assignment with a healthcare client in Copenhagen, Denmark.

Workload: 100% onsite in Copenhagen
Duration: 4 months+


We need 4 very skilled and experienced developers, Android (2) and iOS/Swift (2), to assist the existing development team. The existing team will predominantly develop features in the app, while the consultants are expected to work on security hardening of the apps, in order to live up to high security standards tested by an external security auditing company.

A concrete (but not full) list of tasks for both the iOS and Android native apps:
• App must verify the X.509 certificate of the remote endpoint when the secure channel is established
• Only certificates signed by a valid CA are accepted
• App must pin the endpoint certificate or public key, and subsequently must not establish connections with endpoints that offer a different certificate or key, even if signed by a trusted CA (certificate pinning)
• Requiring the user to set a device passcode, enforced by the app
• App should detect whether it is being executed on a rooted or jailbroken device
• Use a custom keyboard for entering sensitive data
• App must implement multiple functionally independent debugging defences that, in context of the overall protection scheme, force adversaries to invest considerable manual effort to enable debugging
• App should detect, and respond to, tampering with executable files and critical data
• App should detect the presence of widely used reverse engineering tools, such as code injection tools, hooking frameworks and debugging servers
• Detect if the app is being run in an emulator
• App should detect modifications of process memory, such as relocation table patches and injected code
• Ensure that all executable files and libraries belonging to the app are either encrypted on the file level and/or important code and data segments inside the executables are encrypted or packed
• Obfuscating transformations and functional defences should be interdependent and well-integrated throughout the app
• Ensure the app implements a 'device binding' functionality using a device fingerprint derived from multiple properties unique to the device
• Ensure the app uses multiple functionally independent methods of emulator detection that, in context of the overall protection scheme, force adversaries to invest significant manual effort to run the app in an emulator
• Ensure the app only runs on operating system versions and devices that offer hardware-backed key storage. Alternatively, the information must be protected using obfuscation



Requirements:
* The consultants must have experience with advanced mobile app security from the health or financial industries, and preferably have experience with app security in mobile apps that have been security reviewed by an external security company.

* The consultants must be team players as well as being able to work independently, including analyzing tasks and finding solutions.

* Consultants should have knowledge of most of the concepts from https://www.owasp.org/index.php/OWASP_Mobile_Security_Testing_Guide#tab=Main
(MASVS-L1, MASVS-L2 and MASVS-L2+R)

If you are interested in the project, please contact Ms Nicole Schneider:



Start: 05.2017
Duration: 4 months (extension possible)
From: ProData Consult GmbH
Posted: 25.04.2017
Contact person: Diana Fernando
Project ID: 1331380
Contract type: Freelance