What you'll learn
Welcome to Securing NativeScript applications. You're here because you understand about the dangers that apps can face. In this course, you will build layers of security into a simple, completely unsecured NativeScript app. You'll start out with protecting resources with authentication and authorization. However, simple auth is not enough. You'll find out how to keep your passwords safe with hashing and salting, JSON web token, server-side auth middleware, and controlling the user login lifetime. In Chapter 4 we’ll balance between the server and clients worlds and secure the protocols they use to communicate with a technique called SSL pinning. You'll also offload identity management and use the common OAuth2 protocol with those identity providers, and you’ll use the latest serverless technologies to help keep important data off your device. There are techniques for keeping your data and code safe on the client as well. In the data protection chapter we'll see the differences between device storage mechanisms and their security implications. However, your assets aren’t only data. Your other exposed asset is your application code itself. While these days, NativeScript apps are bundled through Webpack, we will take code protection a step further. This course is meant to show you some available options when it comes to securing your NativeScript apps, but it’s by far not an exhaustive set of guidelines.