Managing Risk is More Important Now Than Ever

February 20, 2018 1864 Views Gabriel Torok

I just read the Forrester Wave™: Governance, Risk, And Compliance Platforms, Q1 2018.

Forrester reminds us all that “Risk and compliance management is more important than ever, thanks to the increasingly intangible nature of business value and the growing risk of violating customer trust.”

The report evaluated 14 leading GRC (governance, risk, and compliance) vendors: ACL, Enablon, IBM, LogicManager, MetricStream, Nasdaq, NAVEX Global, Riskonnect, RSA, Rsam, SAI Global, SAP, ServiceNow, and Thomson Reuters. What was most interesting to me is that 50% of these leading providers use PreEmptive’s application protection tools as part of their own strategy.

With software applications driving new business models, corporate reputations are increasingly at risk and regulatory fines are skyrocketing. Now is an ideal time to implement a comprehensive risk management strategy.

Free Trial

Request Quote

Request Demo

Migrating from ProGuard or DexGuard to DashO

Over the past year, we have seen an influx of developers looking to replace existing ProGuard and DexGuard implementations with DashO. While the three products are conceptually similar, we have found that there are important differences between the products, and those differences can lead to unexpected migration issues. This article summarizes many of the tips and techniques our support team has been refining, to shorten your learning curve and simplify your migration.

This article:

Provides a logical mapping of features between the three products.
Recommends specific patterns to:
- Simplify and shorten your migration.
- Improve the strength and effectiveness of your application protection.
- Optimize and automate ongoing app protection to reduce the cost and complexity of maintaining protection.

5 Penetration Test Tips for Mobile Apps

Five Penetration Test Tips to Create Secure Mobile Apps

Just as businesses and consumers make the shift from desktop-driven digital change to mobile devices and applications, so are malicious actors. While traditional attack vectors still enjoy widespread success, increasing infosec knowledge about cybercriminal origins and threat profiles has pushed attackers down a new path: Mobile.

As noted by Threat Post, for example, advanced persistent threats (APTs) like RedDawn — which masquerades in app stores as “beta” versions of useful software — are now making the shift to mobile platforms. PC Authority, meanwhile, reports that fraudulent mobile transactions are up more than 600 percent from 2015, while Dark Reading points out that mobile users are now 18 times more likely to be targeted by phishing than traditional malware attack vectors.

What does all this movement mean for mobile app developers and owners? That just designing secure applications is not enough. Ongoing penetration testing and risk assessments are now critical to ensure that apps that were safe yesterday still hold up today — and won’t fall apart tomorrow.

In its recent GitHub $7.5B acquisition announcement, Microsoft promised to “bring its developer tools and services to new audiences.” “New audiences” in this context mean, quite literally, GitHub’s 28 million developer users. As the “largest open source community in the world,” GitHub audiences will most surely also mean new requirements, new priorities, and new expectations – but these will also come with old biases. And there is no better example of open source bias than code obfuscation.

For the typical open source developer, obfuscation is “like a pearl onion on a banana split” – it simply does not belong (with thanks and apologies to Philip Marlowe in Raymond Chandler’s The Long Goodbye).

The argument is simple enough – there is no reason to prevent the reverse engineering of open source applications because the source code is already public. It’s like picking an unlocked door.

I am not a superstitious person and I don’t believe in magic, but even still – I have to confess that the way Xamarin spits out Android and iOS apps (along with all the other platforms) feels kind of magical to me. Of course, when something breaks, I am reminded all too quickly that there is no magic happening here – Xamarin has just encapsulated a lot of complex steps into a neat and tidy black box.

For me, and I bet I am not alone here, I am very happy to leave that black box alone – and I am also happy to ignore as much of the platform-specific details as I possibly can.

Unfortunately, when it comes to security, there are platform-specific issues that simply cannot be ignored.

Welcome to the Support Corner, where we’ll occasionally talk about topics that we’re seeing while working with our customers. If you’d like to see more like this, please click the Support Corner Category.

In addition to Renaming and Control Flow, String Encryption is an obfuscation transform that can help protect your application. When customers enable String Encryption in Dotfuscator, they are often surprised to see that string constant definitions are still visible in decompiled code. Customers often contact us asking how to encrypt those string constants.

However, those string constants don’t need to be encrypted; they need to be removed entirely. Dotfuscator’s String Encryption feature takes the strings that have been inlined by the .NET compiler and encrypts them. That leaves the constant definitions behind, unused – and they can be removed.

Managing Risk is More Important Now Than Ever

Migrating from ProGuard or DexGuard to DashO

5 Penetration Test Tips for Mobile Apps

Five Penetration Test Tips to Create Secure Mobile Apps

Microsoft Has Embraced GitHub. Can GitHub Embrace Obfuscation?

Xamarin and Dotfuscator: Do you believe in magic?

Encrypting String Constants with Dotfuscator

Latest Blog Posts

Migrating from ProGuard or DexGuard to DashO

5 Penetration Test Tips for Mobile Apps

Microsoft Has Embraced GitHub. Can GitHub Embrace Obfuscation?

Xamarin and Dotfuscator: Do you believe in magic?

Encrypting String Constants with Dotfuscator

Latest News

Dotfuscator Adds Rooted Device Controls to Meet Exceptional Xamarin.Android Demand

Microsoft Build 2018

PreEmptive Solutions Launches GDPR Compliance Relief Program

Protecting Your Xamarin Apps with Dotfuscator

Third Major Dotfuscator Community Edition Release in 12 Months Expands Real-time Defense and Streamlines Xamarin Integration

Twitter

App Protection Blogs

Managing Risk is More Important Now Than Ever

Five Penetration Test Tips to Create Secure Mobile Apps

Latest Blog Posts

Latest News

Twitter