Managing Application Vulnerabilities (an early peek into improved controls for your code and data)

October 4, 2016 1724 Views Sebastian Holst

I’m working on an application risk management study/survey focusing on the importance of one vulnerability exploit in particular: debugger hacks against production apps. Our initial data set already includes responses from 100+ developers targeting cloud, mobile and desktop platforms from 15+ countries.

A Clear Material Application Risk for a Majority of Development Teams

58% report ongoing, sustained risk management development investments dedicated to mitigate the following material risks:

Financial theft
Intellectual property theft through application use
Intellectual property theft through application tampering and reverse engineering
Operational disruption
Regulatory and other compliance obligations
Unauthorized access to user and business data

Within the development teams that have taken affirmative action to mitigate these risks, 64% have identified unauthorized use of a debugger in production as a material vulnerability.

If you’re interested in getting the final numbers (and a deeper dive into both the risks and controls to effectively mitigate these risks), I expect to be publishing results in the next 1-2 weeks HERE (there's already a link to a related white paper on this page for download too).

Keeping Secrets: The Evolving Expectation of App Defense

Applications drive corporate success. As noted by Business 2 Community, the average American smartphone owner uses more than 10 apps per day and spends over three hours per day connected to the Internet via their mobile device. The problem? Rapidly-expanding app markets combined with easy-to-find hacker kits make the current environment a cybercriminal’s paradise — according to recent Ponemon data, the average cost of a data breach is around $3.62 million and the size of breaches is trending up. It gets worse: According to Gartner, 99 percent of app vulnerabilities exploited won’t rely on new, sophisticated attack vectors, but existing vulnerabilities that infosec pros have seen in the wild for at least a year.

The Six Degrees of Application Risk

Cyber-attacks, evolving privacy and intellectual property legislation, and ever-increasing regulatory obligations are now simply “the new normal” – and the implications for development organizations are unavoidable; application risk management principles must be incorporated into every phase of the development lifecycle.

Organizations want to work smart – not be naïve – or paranoid. Application risk management is about getting this balance right. How much security is enough? Are you even protecting the right things?

PreEmptive Thoughts from Build 2017

Like so many of us returning from Build 2017, we at PreEmptive are feeling both energized and highly motivated. Energized because of the truly impressive innovation coming out of both Microsoft and our larger ecosystem – and motivated because we can all see the expanding concern around application risk management and data security in this rapidly evolving world – and of course, that is where PreEmptive Solutions comes in.

Automating Xamarin Protection with Dotfuscator

This week, all eyes of the software community will be fixed on Microsoft's Build conference. Microsoft and its partners are set to announce new technologies and lay out their vision for the future of software development. Recent years have seen the narrative take a decidedly cross-platform approach. Visual Studio Code gives developers tools to create what they want no matter their OS of choice. .NET Core extends the reach of the popular .NET Framework to Mac and Linux. Finally, Xamarin, which was acquired by Microsoft in 2016, lets app developers write their app once, then publish it for Android, iOS, and Windows devices.

As a Visual Studio 2017 Premier Launch Partner, PreEmptive Solutions is pleased to announce, as part of Microsoft Build 2017, a new way to integrate Dotfuscator's protection into Xamarin apps.

Like magicians, hackers do not reveal their tricks – but we will

According to NIST’s National Vulnerability Database, six vulnerability categories have grown from 68% to over 84% of the total number of reported vulnerabilities in just the past four years.

Managing Application Vulnerabilities (an early peek into improved controls for your code and data)

A Clear Material Application Risk for a Majority of Development Teams

Keeping Secrets: The Evolving Expectation of App Defense

The Six Degrees of Application Risk

PreEmptive Thoughts from Build 2017

Automating Xamarin Protection with Dotfuscator

Like magicians, hackers do not reveal their tricks – but we will

Latest Blog Posts

Keeping Secrets: The Evolving Expectation of App Defense

The Six Degrees of Application Risk

PreEmptive Thoughts from Build 2017

Automating Xamarin Protection with Dotfuscator

Like magicians, hackers do not reveal their tricks – but we will

Latest News

Third Major Dotfuscator Community Edition Release in 12 Months Expands Real-time Defense and Streamlines Xamarin Integration

DashO 8.0 for Java and Android Ships with Advanced Real-time Application and Data Controls

Dotfuscator® Community Edition Expanded to Include Advanced Application and Data Protection Controls

SD Times: Coders are from Mars, courts are from Venus

PreEmptive Solutions Updates and Expands Community Edition of Dotfuscator inside Visual Studio

Twitter