Categories
Mobile Application Protection

Preventing Cyber Threats for Mobile Applications

With the advent of new technologies and the rapid shift in consumer habits, applications on smartphones and tablets have become prevalent in our everyday lives. It has never been easier to access mobile banking than it is now, let alone to book flights or shop online. But with this ever-increasing dependence on our smartphones and tablets, we are also more exposed to cybercrime than ever before.

The myth that mobile apps are invulnerable to cyberattacks hasn’t withstood scrutiny. It’s true that mobile apps, on average, have fewer vulnerabilities than desktops or laptops, but their widespread use and application present hackers with a broad, and nearly irresistible, attack surface.

The good news is that there are many steps the tech industry can take to protect itself from threats.

Mobile Application Breaches

Mobile devices are vulnerable because of their open architecture and their ability to connect to other devices and networks. Mobile apps are particularly at risk. Hackers can exploit bugs and errors, either in the code of the app or on the app store that hosts them.

The top vulnerability is unencrypted data transmission. Bad actors can easily intercept unencrypted data when it travels from one device to another. That often happens when a user connects their device to an unsecured network, such as a coffee shop’s Wi-Fi, and goes online.

But there are other potential problems, especially in app development. Incorrect default credentials or failing to validate input parameters before storing them in memory can lead to serious vulnerabilities within the app itself.

In one major recent breach, cybercriminals uploaded a counterfeit crypto wallet to the iOS App Store. The unfortunate users who downloaded it and entered their credentials, thinking it was safe, were instantly deprived of their funds. And this while using iOS, often considered a safer alternative to Android!

How Mobile Application Breaches Affect the Industry

Mobile devices have become an integral part of our lives and we depend on them for everything from banking transactions to social networking. They contain sensitive information, such as passwords and payment card data, which makes them especially vulnerable to security breaches. 40% of all data breaches were traceable in some way to a mobile device. 

These breaches create a lack of confidence among users and can cause them to question whether it’s safe to conduct transactions on their mobile device. As more people use mobile devices for financial transactions, the number of security breaches will probably continue increasing at an alarming rate.

The Industry Response

App developers must double down on their security practices during and after development. That includes investing in secure coding practices like encryption and making sure they’re using the latest version of any tools they use. They should also consider implementing application hardening tools, such as those that PreEmptive offers, that can help uncover any security threats before they become major problems.

The added expenditure on security means that the tech industry is spending more money on product development. After many painful lessons, industry leaders have learned to take the threat of mobile cyber attacks seriously, no matter the platform. This means that not only are companies creating more secure applications and platforms, but they are also investing in security tools that can help them identify vulnerabilities.

Mitigation Measures Within App Development 

The risks of launching untested applications are clear: potential data breaches and reputational harm. But how can companies mitigate these threats? There are several things to consider before releasing an application, including legal matters and security vulnerabilities. Here are some best practices for mitigating these risks:

  • Make sure developers understand the app’s purpose and requirements.
  • Conduct thorough testing before launch, including penetration testing, end-to-end testing, and user acceptance testing.
  • Make sure to have documented processes in place to handle any security issues that arise after launch.

App testing, for example, is the process of ensuring that an application meets its business requirements, functional requirements, and quality standards before being deployed for use by end users.

Software testers play an important role in ensuring that applications are free from defects and ready for release. They identify errors or defects in software requirements, design, code, and other elements of the software lifecycle. They also help ensure compliance with industry standards and regulations. Testers can work as part of a group or individually on specific projects within the organization.

Developers can also contract with third parties like PreEmptive to help them reduce security vulnerabilities in their apps. Third-party utilities can be used to scan the code for vulnerabilities, perhaps even finding some that would be otherwise missed by the developers themselves.

Building More Secure Mobile Apps

Given the threat of mobile breaches, there’s an ever-increasing need for developers to create more secure applications. App developers can start reducing their risk at multiple levels:

  • Secure Coding Practices. Developers need to use secure coding practices that provide protection against common vulnerabilities like SQL injection, cross-site scripting and insecure data storage. These types of bugs can expose sensitive data to unauthorized parties or even allow attackers to take over an app.
  • Protecting Sensitive Data. Sensitive data includes credit card numbers, social security numbers, or other personal information. User data should always be encrypted and securely stored, whether on a company’s own server or a hardened server owned by a third party.
  • User Authentication and Authorization. User authorization refers to restricting what resources each user can access at a given authorization level. An example is only allowing certain users to access specific features or functionality within the app based on their role within the organization.
  • Auditing, Testing, and Training. App developers can hire a team of experts to audit their apps, both internally and externally. They should also test their apps to make sure they work as intended. New security-oriented training procedures can be implemented across the entire organization as well.

Whether speaking about a corporate entity or an independent developer, mobile app security is a serious issue that can have disastrous implications if not approached carefully.

Companies should build their apps with security in mind from the start. PreEmptive is the leader in application security testing and analysis. We provide solutions that are easy to use, yet effective in preventing many types of vulnerabilities and defects in common mobile applications and systems. Contact us to learn more about how we can help you. 


17 Online Accounts to Follow on Software Development

We asked our top Software Engineers what they’re reading and listening to lately to stay up to date on software development. Here are their recommendations on top accounts to follow:

YouTube

  1. Fireship
    These high-intensity code tutorials can help you build and ship your apps faster. This channel has new videos every week that cover intermediate to advanced lessons about JavaScript, Flutter, Firebase, and modern app development. You can even get project support, advanced full courses, and more at www.fireship.io.
  2. Google Developers
    The Google Developers channel features talks from events, educational series, best practices and tips, and the latest updates across Google products, platforms, and services including Android, Firebase, TensorFlow, Flutter, Google Assistant, and more.

Blogs

  1. Eric Elliott on Medium
    Read all things JavaScript in Eric Elliott’s JavaScript Scene and The Challenge to make sure you’re up to date on the latest JavaScript news, frameworks, tricks and techniques, software management, and more.
  2. CSharp Digest
    This newsletter is great for busy techs who want the news delivered right to their inbox. You’ll receive weekly updates, interesting stories, and more in the .NET and C# space.
  3. Scott Hanselman Blog
    As a prominent web developer for the Web Platform Team at Microsoft, Scott Hanselman has been blogging for the past decade on his personal web development experience. Topics range from technology, culture, gadgets, diversity, code, the web, and more. He also has three podcasts, a YouTube channel, and a Twitter account, which you can subscribe to as well.
  4. Microsoft Developer Blogs
    Just like it sounds, this series of blogs has the inside scoop on the latest information, insights, announcements, and news from Microsoft, specifically written about Visual Studio, Xamarin, Azure, .NET, and various other development languages. There’s also an option to pull the RSS feed so you can have the news and announcements delivered to you.
  5. Hackaday
    Get lost in mountains of fresh, playful hacks on the Hackaday blog written by developers all around the Internet where new ideas and information are exchanged daily. The term “hacking” tends to have a negative connotation to the public, but Hackaday embraces the act as an art that is highly creative, technical, and clever. When used for good intent, it can positively promote the exchange of new ideas and information. So, if you have any projects you’re proud of and want to show them off, you can document your work on their hosting site, hackaday.io.
  6. Adafruit
    With the Adafruit blog, you’ll get the latest trends, news, and resources on open-source hardware, electronics, gadgets, kits, and more to help you get the machine build of your dreams.

Twitch TV

  1. Bald Bearded Builder
    This year, PreEmptive sponsored this channel and PreEmptive’s JSDefender was implemented in various live coding projects. For software development and clever banter, tune in. With nearly 20 years of experience designing and developing software, Michael Jolley (aka the Bald Bearded Builder) loves sharing his knowledge with others and watching them excel. While still building custom applications for clients today, Jolley spends considerable time pouring into others via his live-coding sessions on Twitch and talks at conferences and meet-ups.

Twitter

  1. The Hacker News (@TheHackerNews)
    This widely read account has daily news and technical coverage on cybersecurity, information security, and hacking to make sure you’re one step ahead of trending malicious attacks.
  2. Mobile Security (@mobilesecurity_)
    Are you a mobile app developer? This is a must-follow account. Stay informed on mobile security trends, specifically with Android and iOS platforms, and how you can better adapt to safeguard your applications.
  3. David Heinemeier Hansson (@DHH)
    If you haven’t heard of David Heinemeier Hansson, you should. As the creator of Ruby on Rails and co-founder and CTO at Basecamp, Hansson is a must-follow leader in the technology space. With a slew of perspectives and opinions, his tweets offer great insight on software development for developers who want to grow professionally.
  4. Kelly Sommers (@kellabyte)
    As her Twitter handle gives away, Kelly Sommers has a witty personality. She’s also a highly influential developer with over 43K followers to date and an impressive background as a four-time Windows Azure MVP and former two-time DataStax MVP for Apache. You’ll get a combination of playful and insightful development tweets.
  5. Sara Ownbey Chipps (@sarajchipps)
    As a developer at Stack Overflow, Sara Ownbey Chipps is a prominent influential developer in the space. While some of her tweets feature development news and personal opinions, she also engages in a mix of current events she feels worthy of a mention.
  6. Nick Quaranto (@qrush)
    Nick Quaranto is the developer who’ll instantly feel like a friend. Quaranto has a more laid-back feed where he talks about development news, in addition to worldwide events he feels deeply passionate about.
  7. Eric Lippert (@ericlippert)
    Eric Lippert designs programming languages at Facebook and is a former C# language design team member at Microsoft. Over the years in his professional career, he’s learned a lot about programming language design and likes to share those learnings with the development community on Twitter by fielding thousands of questions about C#, JavaScript, and other programming languages. He also has a blog worth checking out.
  8. Jared Parsons (@jaredpar)
    Meet the creator of VsVim, Jared Parsons. Parsons is also a C# compiler team developer lead at Microsoft working on a language and operating system incubation project. Give him a follow and he won’t disappoint.

Mobile Application Protection Increases Profits

Application security can often be viewed by development teams as a time-consuming barrier to finishing a project. In a world where “time equals money”, the rush to ship functional applications can overshadow the need to ensure those applications are secure. It is true — features are what sell software and fixing bugs retains customers and loyalty. Both actions can be directly linked to revenue and profitability. So, what effect does an investment in application security have on a company’s bottom line?