17 Mobile App Dev Vulnerabilities That Can Cost You an Arm and a Leg
2. Authentication/Authorization
Authentication and authorization vulnerabilities allow malicious users to execute tasks they should not be able to, such as impersonating other users and performing operations as them, or reaching areas and operations of the app they would normally be barred from, for example by bypassing a security PIN code. Developers need to make authentication and authorization mechanisms a priority during development. Online banks are frequent victims of authentication/authorization attacks.
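As an added illustration (this code is not from the eWEEK article), the following Node-style JavaScript shows the difference between a banking API handler that merely authenticates the caller and one that also checks ownership of the requested account and enforces the PIN step-up on the server. The account and session data, the identifiers and the function names are all constructed for the example.

```javascript
// Added example (not from the article): server-side authorization for a
// banking-style API. Each handler re-checks that the authenticated user owns
// the resource it is about to touch, instead of trusting a client-supplied id.

// Constructed sample data: two customers, each with one account.
const ACCOUNTS = new Map([
  ['acct-1001', { owner: 'alice', balance: 2500 }],
  ['acct-1002', { owner: 'bob',   balance: 40 }],
]);

// Constructed sessions; in a real app these come from a server-side session store.
// pinVerified is set by the server after a successful PIN check, so skipping the
// PIN screen on the client does not grant the privilege.
const SESSIONS = new Map([
  ['sess-alice', { user: 'alice', pinVerified: true }],
  ['sess-bob',   { user: 'bob',   pinVerified: false }],
]);

class AuthError extends Error {}

// Insecure pattern: the handler authenticates the caller but then serves
// whatever account id the client asked for, so bob can read alice's balance.
function getBalanceInsecure(sessionId, accountId) {
  const session = SESSIONS.get(sessionId);
  if (!session) throw new AuthError('not authenticated');
  const account = ACCOUNTS.get(accountId);
  if (!account) throw new AuthError('no such account');
  return account.balance;
}

// Hardened version: authentication plus an ownership check. The same error is
// used for "missing" and "not yours" so the API does not reveal which ids exist.
function getBalance(sessionId, accountId) {
  const session = SESSIONS.get(sessionId);
  if (!session) throw new AuthError('not authenticated');
  const account = ACCOUNTS.get(accountId);
  if (!account || account.owner !== session.user) throw new AuthError('forbidden');
  return account.balance;
}

// A sensitive operation additionally requires the server-side PIN step-up flag.
function transfer(sessionId, fromId, toId, amount) {
  const session = SESSIONS.get(sessionId);
  if (!session) throw new AuthError('not authenticated');
  if (!session.pinVerified) throw new AuthError('pin required');
  if (!Number.isInteger(amount) || amount <= 0) throw new RangeError('bad amount');
  const from = ACCOUNTS.get(fromId);
  const to = ACCOUNTS.get(toId);
  if (!from || from.owner !== session.user) throw new AuthError('forbidden');
  if (!to) throw new AuthError('no such destination');
  if (from.balance < amount) throw new RangeError('insufficient funds');
  from.balance -= amount;
  to.balance += amount;
  return from.balance; // remaining balance of the source account
}
```

The point to take from the two `getBalance` variants is that authentication answers "who is calling?" while authorization answers "may this caller touch this object?"; both checks have to run on the server for every request.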
3. Availability Vulnerability
Availability issues result in the client or server side of the application being denied service, either for the entire application or for part of it. Crashes are a common side effect of availability issues. Developers who understand the vectors that let malicious entities cause availability issues, including system crashes resulting from request overflows, will understand what steps need to be taken to prevent such attacks.
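One concrete defence against request overflows is to bound how much work a single client can demand. The following JavaScript is an added example, not code from the article: a per-client token-bucket limiter in front of a simulated endpoint that also caps the request body size. The capacity, refill rate, body limit and client keys are constructed values, and the clock is injected so the behaviour can be reproduced deterministically.

```javascript
// Added example (not from the article): a per-client token bucket that
// protects an endpoint from request floods, plus a body-size cap so one
// oversized request cannot exhaust memory. All parameters are constructed.

class TokenBucketLimiter {
  constructor({ capacity = 5, refillPerSecond = 1, now = () => Date.now() } = {}) {
    this.capacity = capacity;           // burst allowed from an idle client
    this.refillPerSecond = refillPerSecond;
    this.now = now;                     // injectable clock (milliseconds)
    this.buckets = new Map();           // clientKey -> { tokens, updatedAt }
  }

  // Returns true if the request may proceed, false if it should be rejected.
  allow(clientKey) {
    const t = this.now();
    let b = this.buckets.get(clientKey);
    if (!b) {
      b = { tokens: this.capacity, updatedAt: t };
      this.buckets.set(clientKey, b);
    }
    // Refill proportionally to elapsed time, never above capacity.
    const elapsedSec = Math.max(0, (t - b.updatedAt) / 1000);
    b.tokens = Math.min(this.capacity, b.tokens + elapsedSec * this.refillPerSecond);
    b.updatedAt = t;
    if (b.tokens >= 1) {
      b.tokens -= 1;
      return true;
    }
    return false;
  }
}

const MAX_BODY_BYTES = 64 * 1024; // constructed limit

// Simulated endpoint: the cheap checks run before any real work is done.
function handleRequest(limiter, clientKey, body) {
  if (!limiter.allow(clientKey)) return { status: 429, error: 'too many requests' };
  if (Buffer.byteLength(body, 'utf8') > MAX_BODY_BYTES) return { status: 413, error: 'payload too large' };
  return { status: 200 };
}

// Constructed demo: one client fires 7 requests at once, then 3 more two seconds later.
// Returns the list of HTTP status codes the client would see.
function demo() {
  let fakeNow = 0;
  const limiter = new TokenBucketLimiter({ capacity: 5, refillPerSecond: 1, now: () => fakeNow });
  const statuses = [];
  for (let i = 0; i < 7; i++) statuses.push(handleRequest(limiter, 'client-A', '{}').status);
  fakeNow += 2000; // two tokens have been refilled by now
  for (let i = 0; i < 3; i++) statuses.push(handleRequest(limiter, 'client-A', '{}').status);
  return statuses; // [200,200,200,200,200,429,429,200,200,429]
}
```

Rate limiting by itself does not stop a distributed flood, but it turns a crash into a controlled 429 for the noisy client while other clients, each with their own bucket, keep being served.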
4. Configuration Management
Configuration management issues relate to the misconfiguration of servers or clients, which can enable a malicious app to steal data from another app on the same device. Examples of configuration management issues include organizations not forcing new users to change their passwords on the first login.
5. Cryptography Weaknesses
Cryptography weaknesses involve sensitive information disclosure from an app that sends sensitive data over the wire as clear text, or encrypts it with obsolete or broken encryption, which gives both the developer and the end user a false sense of security. Since encrypted information is usually highly sensitive, the negative impact of cryptography weaknesses can be devastating.
6. Information Disclosure
7. Input Validation Handling
Input validation handling issues arise when a mobile app cannot handle information from external sources in a secure manner. These exploits are similar to server-side attacks such as SQL injection (SQLi), cross-site scripting (XSS) and cross-site request forgery (CSRF).
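A typical external source for a mobile app is a deep link that any other app or web page can send it. The JavaScript below is an added example (not from the article) of allow-list validation for such links: the scheme, host, route, parameter names and value formats are all checked before anything is passed to a WebView, a query or a native handler. The `myapp://wallet/...` scheme, the routes and the value patterns are constructed for the example.

```javascript
// Added example (not from the article): allow-list validation of a deep link
// such as myapp://wallet/transfer?to=1002&amount=50. Scheme, host, routes and
// value patterns are constructed for this example.

const APP_SCHEME = 'myapp:';     // constructed
const APP_HOST = 'wallet';       // constructed
const MAX_LINK_LENGTH = 512;     // constructed

// Each route lists exactly the parameters it accepts and how each is validated.
const ROUTES = {
  '/transfer': {
    to:     (v) => /^[0-9]{4,12}$/.test(v),
    amount: (v) => /^[0-9]{1,7}$/.test(v) && Number(v) > 0,
  },
  '/profile': {
    id: (v) => /^[0-9]{1,12}$/.test(v),
  },
};

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Returns { ok: true, route, params } for a valid link, or { ok: false, reason }.
// Anything not explicitly allowed (unknown route, extra or malformed parameter,
// wrong scheme or host) is rejected outright.
function parseDeepLink(link) {
  if (typeof link !== 'string' || link.length > MAX_LINK_LENGTH) {
    return { ok: false, reason: 'bad length' };
  }
  let url;
  try { url = new URL(link); } catch (e) { return { ok: false, reason: 'unparseable' }; }
  if (url.protocol !== APP_SCHEME) return { ok: false, reason: 'wrong scheme' };
  if (url.hostname !== APP_HOST) return { ok: false, reason: 'wrong host' };
  const spec = ROUTES[url.pathname];
  if (!spec || !hasOwn(ROUTES, url.pathname)) return { ok: false, reason: 'unknown route' };

  // Null-prototype object: "in" only sees keys we set, and a parameter named
  // "constructor" or "__proto__" cannot collide with inherited members.
  const params = Object.create(null);
  for (const [name, value] of url.searchParams) {
    // hasOwn rather than spec[name]: "toString" etc. must not match Object.prototype.
    if (!hasOwn(spec, name)) return { ok: false, reason: `unexpected parameter ${name}` };
    if (name in params) return { ok: false, reason: `duplicate parameter ${name}` };
    if (!spec[name](value)) return { ok: false, reason: `invalid ${name}` };
    params[name] = value;
  }
  for (const name of Object.keys(spec)) {
    if (!(name in params)) return { ok: false, reason: `missing ${name}` };
  }
  return { ok: true, route: url.pathname, params };
}
```

The validated `params` object is what the rest of the app consumes; the raw link string never reaches a query, a script context or a native call, which is what removes the injection-style attack surface the paragraph refers to.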
8. Personal/Sensitive Information Leakage
9. Conclusion
Whether you’re a swimmer on the lookout hoping to avoid a Great White or a developer looking to keep end users safe from hacking, there are steps to achieve safety, beginning with awareness. Our mobile devices are a treasure chest of sensitive information, and it’s crucial for both end users and developers to be aware of the risks that may be swimming beneath the branded apps that we put an incredible amount of trust, and data, into.