Managing Application Vulnerabilities (an early peek into improved controls for your code and data)

October 4, 2016 2995 Views Sebastian Holst

I’m working on an application risk management study/survey focusing on the importance of one vulnerability exploit in particular: debugger hacks against production apps. Our initial data set already includes responses from 100+ developers targeting cloud, mobile and desktop platforms from 15+ countries.

A Clear Material Application Risk for a Majority of Development Teams

58% report ongoing, sustained risk management development investments dedicated to mitigate the following material risks:

Financial theft
Intellectual property theft through application use
Intellectual property theft through application tampering and reverse engineering
Operational disruption
Regulatory and other compliance obligations
Unauthorized access to user and business data

Within the development teams that have taken affirmative action to mitigate these risks, 64% have identified unauthorized use of a debugger in production as a material vulnerability.

If you’re interested in getting the final numbers (and a deeper dive into both the risks and controls to effectively mitigate these risks), I expect to be publishing results in the next 1-2 weeks HERE (there's already a link to a related white paper on this page for download too).

Free Trial

Request Quote

Request Demo

Announcing DashO v9.0

DashO v9.0 is out, and it has a new major version number for a very good reason: we've made some major improvements!

Java 9 and 10 support, including module support

In DashO v8.4, we introduced "provisional" Java 9 support, and we published an article describing our Java 9 roadmap. Java 9 support was provisional because there were cases where DashO would process a Java 9 app in a way that DashO thought was correct but would actually result in a broken app. As part of our commitment to the "principle of least surprise", we didn't want users to discover those issues by accident, so we made Java 9 support require an opt-in.

As of DashO 9, Java 9 (and 10) support is no longer provisional; it is a fully-supported feature, without an opt-in - and without surprises. There are a few edge cases, still, but those will generate build warnings or errors, as appropriate.

Now is the time to seriously look at how you are protecting and securing your applications

The U.S. National Institute of Standards and Technology (NIST) has published two data-security focused documents in as many months.

In June 2018, NIST published guidance on assessing requirements for securing unclassified information (NIST Special Publication 800-171A Assessing Security Requirements for Controlled Unclassified Information).

In July 2018, SPECIAL PUBLICATION 1800-1 Securing Electronic Health Records on Mobile Devices was published offering a practical guide to meeting the specialized security and privacy obligations that come with the management of health records on mobile devices.

JSON is a widely used format for sharing objects and data within an application. To protect .NET applications that serialize and deserialize JSON objects, you should be aware of some special considerations.

Consider a basic Employee class:

All apps are vulnerable. That’s the takeaway from a recent Trustwave report, which found that 100 percent of web applications could be compromised in a cyberattack. Combined with the uptick in mobile malware, account takeover fraud and blockchain-based attacks, companies spend most of their time fending off new attacks while trying to keep current apps up and running.

The result? It’s easy to assume that when applications aren’t directly under attack, they’re effectively safe. The truth? More code handling more data increases the risk of “leaky apps” — applications which unwittingly expose sensitive data to prying eyes.

Here’s how you plug the holes.

Anyone developing software applications today can easily feel overwhelmed by the persistent security threats their products face from application counterfeiting and malware injection to theft of services and confidential information. This article discusses some of ways hackers go about their dirty deeds and how to achieve a balanced perspective on application risk and risk management allowing you to release applications with greater confidence. Gaining this confidence requires a deeper knowledge of the risks and potential remedies.

Managing Application Vulnerabilities (an early peek into improved controls for your code and data)

A Clear Material Application Risk for a Majority of Development Teams

Announcing DashO v9.0

Java 9 and 10 support, including module support

Latest NIST Publications Reinforce the Importance of Application Hardening in Securing Data

Now is the time to seriously look at how you are protecting and securing your applications

Protecting .NET applications that use JSON objects

"Leaky Apps” Are Draining Your Data — Here’s How You Plug the Hole

Five Evil Things a Hacker Does to Your App

Latest Blog Posts

Announcing DashO v9.0

Latest NIST Publications Reinforce the Importance of Application Hardening in Securing Data

Protecting .NET applications that use JSON objects

"Leaky Apps” Are Draining Your Data — Here’s How You Plug the Hole

Five Evil Things a Hacker Does to Your App

Latest News

Dotfuscator Adds Rooted Device Controls to Meet Exceptional Xamarin.Android Demand

Microsoft Build 2018

PreEmptive Solutions Launches GDPR Compliance Relief Program

Protecting Your Xamarin Apps with Dotfuscator

Third Major Dotfuscator Community Edition Release in 12 Months Expands Real-time Defense and Streamlines Xamarin Integration

Twitter

App Protection Blogs

Managing Application Vulnerabilities (an early peek into improved controls for your code and data)

A Clear Material Application Risk for a Majority of Development Teams

Java 9 and 10 support, including module support

Now is the time to seriously look at how you are protecting and securing your applications

Latest Blog Posts

Latest News

Twitter