7 Mobile App Dev Vulnerabilities That Can Cost You an Arm and a Leg


The popularity of mobile apps and the rise of cyber-criminals lurking in the mobile space mean companies must take more precautions to build secure apps.


Authentication/Authorization

Authentication and authorization vulnerabilities allow malicious users to execute tasks they should not be able to: impersonating other users and performing operations as them, or reaching areas and operations of the app they normally wouldn't be allowed to access, for example by bypassing security PIN codes. Developers need to make authentication and authorization mechanisms a priority during development. Online banks frequently are the victims of authentication/authorization attacks.

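The kind of server-side checks that close these gaps, as an added example that is not code from the eWEEK article or from Checkmarx. It is written in Python for illustration; the session table, account ownership map, PIN hashes and the three-attempt lockout policy are all constructed stand-ins, not any bank's real API. The point it shows is that authentication (who is calling) and authorization (what this caller may touch) are separate checks, and that a PIN step-up must be both constant-time and attempt-limited to mean anything.

```python
"""Added example (not from the article): authentication, object-level
authorization and PIN step-up for a constructed mobile banking endpoint."""
import hashlib
import hmac
import secrets

# Constructed sample data: tokens issued at login, and who owns which account.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}
ACCOUNT_OWNER = {"acct-100": "alice", "acct-200": "bob"}


def _hash_pin(pin: str, salt: bytes) -> bytes:
    """PINs are never stored in clear; keep a salted PBKDF2 hash per user."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


# Constructed PINs for the two sample users (hashed at import time).
_SALT = {"alice": secrets.token_bytes(16), "bob": secrets.token_bytes(16)}
PIN_HASH = {"alice": _hash_pin("4821", _SALT["alice"]),
            "bob": _hash_pin("9034", _SALT["bob"])}

MAX_PIN_ATTEMPTS = 3          # assumed policy: lock after three wrong PINs
_failed_attempts: dict = {}


class Denied(Exception):
    """Raised whenever a request fails authentication or authorization."""


def authenticate(token: str) -> str:
    """Map a bearer token to a user; an unknown token is an authentication failure."""
    user = SESSIONS.get(token)
    if user is None:
        raise Denied("invalid session")
    return user


def authorize_account(user: str, account_id: str) -> None:
    """Object-level check: the caller may only operate on accounts they own.
    Without it, any logged-in user could act on someone else's account just by
    changing the account id in the request (impersonation without a password)."""
    if ACCOUNT_OWNER.get(account_id) != user:
        raise Denied("not the account owner")


def verify_pin(user: str, pin: str) -> None:
    """Step-up check for sensitive operations: compared in constant time so the
    comparison leaks nothing, and locked after MAX_PIN_ATTEMPTS so a short PIN
    cannot simply be guessed online."""
    if _failed_attempts.get(user, 0) >= MAX_PIN_ATTEMPTS:
        raise Denied("PIN locked")
    if not hmac.compare_digest(_hash_pin(pin, _SALT[user]), PIN_HASH[user]):
        _failed_attempts[user] = _failed_attempts.get(user, 0) + 1
        raise Denied("wrong PIN")
    _failed_attempts[user] = 0


def transfer(token: str, from_account: str, amount: int, pin: str) -> str:
    """Server-side handler: authenticate, authorize the object, then step up."""
    user = authenticate(token)
    authorize_account(user, from_account)
    verify_pin(user, pin)
    return f"{user} moved {amount} from {from_account}"


def try_transfer(token: str, from_account: str, amount: int, pin: str) -> str:
    """Wrapper that reports the outcome as text instead of raising."""
    try:
        return transfer(token, from_account, amount, pin)
    except Denied as exc:
        return f"denied: {exc}"


if __name__ == "__main__":
    print(try_transfer("tok-alice", "acct-100", 50, "4821"))   # allowed
    print(try_transfer("tok-alice", "acct-200", 50, "4821"))   # other user's account
    print(try_transfer("tok-nobody", "acct-100", 50, "4821"))  # no valid session
```

Every check lives on the server: a PIN screen in the app itself can be bypassed by anyone who talks to the API directly, so the client-side prompt is a convenience, not the control.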

Availability Vulnerability

Availability issues result in the client or server side of the application being denied service, for either the entire application or part of it. Crashes are a common side effect of availability issues. Developers who understand the potential vectors that allow malicious entities to cause availability issues will understand what steps need to be taken to prevent such attacks, including system crashes resulting from request overflows.


Configuration Management

Configuration management issues relate to the misconfiguration of servers or clients, for example settings that enable a malicious app to steal data from another app on the same device. Other examples of configuration management issues include organizations not forcing new users to change their passwords on the first log-in.


Cryptography Weaknesses

Cryptography weaknesses lead to sensitive information disclosure, either because an app sends sensitive data over the wire as clear text or because it encrypts the data with obsolete or broken encryption, which gives both the developer and the end user a false sense of security. Since encrypted information is usually highly sensitive, the negative impact of cryptography weaknesses can be devastating.

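The two failure modes above (clear text on the wire, and "encryption" that is switched on but obsolete or unverified) checked in code, as an added example that is not from the article or from Checkmarx. It uses Python's standard `ssl` module to stand in for whatever TLS stack a mobile client uses; the endpoint URLs are constructed samples. The weak context exists only so the hardened one has something to be compared against, and `context_is_acceptable` is the sort of assertion a build pipeline can run so a weakened setting never ships.

```python
"""Added example (not from the article): transport checks a mobile client can
apply before sending sensitive fields to its backend."""
import ssl
from urllib.parse import urlparse


def is_protected_endpoint(url: str) -> bool:
    """Refuse to send sensitive data to anything but an https:// endpoint.
    Plain http:// puts the payload on the wire in clear text."""
    parts = urlparse(url)
    return parts.scheme == "https" and bool(parts.hostname)


def weak_context() -> ssl.SSLContext:
    """The 'false sense of security' configuration: TLS is technically on, but
    the server certificate is not verified and obsolete protocol versions are
    accepted, so an attacker on the path can present any certificate at all."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # legacy versions allowed
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Verify the certificate chain and hostname, and refuse anything below TLS 1.2."""
    ctx = ssl.create_default_context()  # system CAs, CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_acceptable(ctx: ssl.SSLContext) -> bool:
    """Policy check: certificate verification on, hostname checked, TLS >= 1.2."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and ctx.check_hostname
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


if __name__ == "__main__":
    for url in ("https://api.example.test/sync", "http://api.example.test/sync"):
        print(url, "->", "ok" if is_protected_endpoint(url) else "clear text, refused")
    print("weak config passes policy:", context_is_acceptable(weak_context()))
    print("hardened config passes policy:", context_is_acceptable(hardened_context()))
```

The same idea applies to data at rest: a self-written cipher or a hard-coded key looks like encryption in a code review but offers none of the protection the user assumes, so the policy check belongs in the test suite rather than in a guideline document.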

Information Disclosure

Information disclosure issues involve information that an attacker can expose directly or indirectly. Examples include information being transferred to another app, or stored on the device in a way that lets another application read it.


Input Validation Handling

Input validation handling issues arise when a mobile app cannot handle information from external sources in a secure manner. These flaws mirror server-side attack classes such as SQL injection (SQLi), cross-site scripting (XSS) and cross-site request forgery (CSRF).

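The SQL injection case on the client side, as an added example that is not code from the article or from Checkmarx: mobile apps commonly keep a local SQLite store, and a query built by string concatenation is injectable there exactly as it is on a server. The block below is Python for illustration (Android and iOS expose the same parameterised-query interface through their own SQLite bindings); the `notes` table and its rows are constructed sample data, and the in-memory database lets the difference be checked offline.

```python
"""Added example (not from the article): one local lookup written unsafely
and safely, plus allow-list validation for input that reaches other sinks."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample store: each row belongs to one user."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE notes (owner TEXT, body TEXT)")
    con.executemany("INSERT INTO notes VALUES (?, ?)",
                    [("alice", "alice's private note"),
                     ("bob", "bob's private note")])
    return con


def notes_for_vulnerable(con: sqlite3.Connection, owner: str) -> list:
    """Defective version: whatever arrives from outside becomes part of the SQL,
    so a crafted owner string changes the query instead of matching a value."""
    sql = "SELECT body FROM notes WHERE owner = '" + owner + "'"
    return [row[0] for row in con.execute(sql)]


def notes_for_safe(con: sqlite3.Connection, owner: str) -> list:
    """Parameterised version: the driver passes owner as data, never as SQL text."""
    rows = con.execute("SELECT body FROM notes WHERE owner = ?", (owner,))
    return [row[0] for row in rows]


def is_valid_owner(owner: str) -> bool:
    """Positive (allow-list) validation: an owner id is short and alphanumeric.
    Useful for the same value when it also reaches file paths, web views or logs,
    where parameterisation alone does not apply."""
    return bool(owner) and len(owner) <= 32 and owner.isalnum()


if __name__ == "__main__":
    con = make_db()
    crafted = "x' OR '1'='1"   # constructed input that is not a valid owner id
    print("vulnerable:", notes_for_vulnerable(con, crafted))   # every user's notes
    print("safe:      ", notes_for_safe(con, crafted))         # nothing matches
    print("valid id?  ", is_valid_owner(crafted))              # False
```

Parameterisation is the fix for the SQL sink specifically; the allow-list check is the general habit the article is pointing at, since the same externally supplied string may later be dropped into a web view (XSS) or a request to the backend (CSRF-style forgery) where a different encoding rule applies.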

Personal/Sensitive Information Leakage

Sensitive information leakages occur when an app exposes personal information belonging to the end user (credit card numbers, secret documents, and so on). This vulnerability also occurs when applications use third-party statistics servers and send a user's personal information to them without the user's knowledge.

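One way to keep personal information out of third-party analytics traffic, as an added example that is not code from the article or from Checkmarx. The idea is an outbound filter at the single point where events leave the app: only fields on an allow-list are forwarded, and values that do get through are scanned for obvious personal data before sending. The field names, the sample event and the regular expressions are constructed for this example; a real product would tune them to its own schema.

```python
"""Added example (not from the article): allow-list plus redaction for events
sent to a third-party analytics service."""
import re

# Only the fields analytics genuinely needs; anything else is dropped, so a new
# field added elsewhere in the app cannot leak by default.
ANALYTICS_ALLOWLIST = {"event", "screen", "app_version", "os", "duration_ms", "search_query"}

# Constructed patterns for two kinds of personal data that must never go out.
_CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")       # 13-19 digits, optional separators
_EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def _luhn_ok(digits: str) -> bool:
    """Luhn checksum, so that ordinary long numbers are not mistaken for cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact(value):
    """Replace card numbers and e-mail addresses inside a string value."""
    if not isinstance(value, str):
        return value

    def _card(match):
        digits = re.sub(r"\D", "", match.group(0))
        return "[card]" if _luhn_ok(digits) else match.group(0)

    value = _CARD_RE.sub(_card, value)
    return _EMAIL_RE.sub("[email]", value)


def scrub_event(event: dict) -> dict:
    """Return the subset of an event that is safe to hand to a third party."""
    return {k: redact(v) for k, v in event.items() if k in ANALYTICS_ALLOWLIST}


def dropped_fields(event: dict) -> set:
    """The fields the filter refused; log these in debug builds to catch leaks early."""
    return set(event) - ANALYTICS_ALLOWLIST


# Constructed sample event, as the app might assemble it on a checkout screen.
SAMPLE_EVENT = {
    "event": "checkout",
    "screen": "payment",
    "app_version": "3.2.0",
    "duration_ms": 840,
    "card_number": "4111 1111 1111 1111",        # must never leave the device
    "email": "user@example.test",
    "search_query": "refund for user@example.test",
}

if __name__ == "__main__":
    print("sent:   ", scrub_event(SAMPLE_EVENT))
    print("dropped:", sorted(dropped_fields(SAMPLE_EVENT)))
```

The allow-list does the real work; the redaction pass is a safety net for free-text fields such as search queries, where users type whatever they like.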

Conclusion

Whether you're a swimmer hoping to avoid a Great White or a developer looking to keep end users safe from hacking, there are steps to achieve safety, beginning with awareness. Our mobile devices are a treasure chest of sensitive information, and it's crucial for both end users and developers to be aware of the risks that may be swimming beneath the branded apps into which we put an incredible amount of trust, and data.

Shark Week is upon us and making swimmers think twice before jumping in the ocean. The chances that a shark might attack are slim, but hidden dangers are always lurking beneath the waves. Similarly, most of us are relaxed by our trust that the powerful mobile OSes will keep attackers far from our personal data. After all, Apple built iOS with security in mind, and Google is synonymous with security, isn't it? Yes and no. While our mobile devices are shipped with built-in protection, the shields securing our personal data are only as strong as the weakest links in the apps we use. These weak links are vulnerabilities that increasingly are similar to the threats faced by Web apps as more mobile apps are communicating with external servers over which mobile OSes have no control. We're swimming among vulnerabilities and cyber-criminals. And given how much personal data we store on our devices, it's important to be informed of the risks of not practicing secure mobile app development. Otherwise, the consequences could sink brand equity and revenue, costing your company an arm and a leg. Working with app security testing vendor Checkmarx, eWEEK created a list of vulnerabilities to help keep you on the alert.