
10 Handy Tips from OWASP to Avoid Mobile Vulnerabilities

Hold onto your hats. Technology is moving at breakneck speeds, leaving many organizations stuck at the start line. Why? Many companies just aren't implementing the high security standards required in today’s fast-paced digital landscape to ensure the safety of their software throughout the ranks.

Slowing down is not a possibility - security cannot afford to lag behind. This is particularly true for businesses eager to enter the mobile application race. As apps form a greater proportion of our online experience, it's vital to understand the security issues and vulnerabilities they could pose to users and your organization.

The Mobile OWASP Top 10 is a great online resource if you want to learn more about mobile application security. The list combines platform-specific guides and general best practices to aid the development of secure mobile apps, increase industry awareness and promote dialogue on this topic. The goal of the list is to create an industry standard, which categorizes malicious functionalities, giving security and development teams the ability to identify risks and mitigate them. Application security solution provider Checkmarx has reviewed the OWASP Top 10 to explain each vulnerability and the techniques to avoid them:

1. Weak Server-Side Controls

Every app communicates with a backend, leaving your sensitive server-side data accessible to unauthorized users. This may not seem very mobile-specific but it’s topped the OWASP list due to the severity of the potential data breaches and the fact mobile apps can introduce additional risks into existing architectures. To overcome this issue, never trust the client. Design your server-side controls for mobile devices and don't use client applications to enforce access control.

2. Insecure Data Storage

A flaw in one app opens up access to locally stored files on a device and exposes any sensitive information stored in the app. Privacy violations, non-compliance and data breaches could all occur as a result. Encryption is one way to prevent such a vulnerability, as well as only caching data intended for long-term storage.

3. Insufficient Transport Layer Protection

SSL/TLS authentication ensures data cannot easily be leaked, tampered with or intercepted by man-in-the-middle attacks eager to control user and administrative accounts. Again, ensure all sensitive data is encrypted over all networks, your SSL certificate is up-to-date, your app is configured for SSL/TLS over an entire user session and monitor network traffic for such attacks.

4. Unintended Data Leaks

Seemingly innocuous actions on your app, such as storing clipboard data and keystroke logging, could cause data leaks resulting in fraud, reputational damage and privacy violations. Only collect data your device actually needs, store it in an encrypted database or the device’s native keychain and closely monitor how your application collects or caches data to overcome this.

5. Poor Authentication and Authorization

Offline access is required as mobile devices dip in and out of connectivity, resulting in many apps implementing shoddy authorization and authentication protocols, which leaves admin accounts open to unauthorized access. Contextual information can help as part of multi-factor authorization alongside the use of an encrypted database or the device’s native keychain, and offerings such as the Microsoft Access Control Service, for example, give mobile developers a simple method to authorize and authenticate users. More simply, if your app doesn’t need offline access, then disable it.

6. Broken Cryptography

Cryptographic protocols must be up-to-date to protect any sensitive information stored on the device or in your app. This protects users from data theft and privacy violations, and your app from code theft or reverse engineering. Sensitive data must be stored using the native keychain and encryption keys must be stored separately from encrypted data.

7. Client-Side Injection

Android apps are particularly at risk here as they run and are downloaded completely on the client side. Injection attacks, for example, could let an attacker gain unauthorized access to administrative accounts and sensitive data. White-box testing techniques, data validation and data encoding could all help prevent client-side injection.

8. Security Decisions via Untrusted Inputs

If your app connects to third parties without user permission, which is a process known as IPC (Inter-Process Communication), your app is wide open to a huge range of attacks including injection vulnerabilities and security models being bypassed to access sensitive data. All information sent to an outside party must be validated and encoded on the server-side to prevent this and IPC methods should be avoided for sensitive data transfers.

9. Improper Session Handling

If an app doesn't use secure protocols or fails to log a user out properly, your data is vulnerable. Preventative measures include secure session tokens, logging users out of the app after a period of inactivity, not using a device’s ID as a session token and allowing tokens to be quickly revoked should a device be lost or stolen.

10. Lack of Binary Protections

Binary protections prevent reverse engineering, where attackers could modify your app, to disable it, add certain functionalities or grab sensitive data stored in the syntax. Debugger detection controls, jailbreak detection and certificate pinning can all help prevent this.

Whatever stage your app is at, it's important to realize that security must play a part in your mobile application’s development. Organizations that fail to take a security pit stop to recognize and mitigate these risks could very well crash and

Asked by leona zoey on Sep 30, 2016
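
The session-handling measures in item 9 (random session tokens, logout after inactivity, no device ID as a token, fast revocation for a lost device), sketched as a server-side session store. This is an added example, not part of the original post; `SessionStore`, its method names and the 15-minute timeout are hypothetical choices for illustration.

```python
import hashlib
import secrets
import time

IDLE_TIMEOUT = 15 * 60  # seconds of inactivity before logout (assumed policy value)


class SessionStore:
    """Server-side session table keyed by SHA-256 of the token, never the token itself."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT, clock=time.time):
        self._sessions = {}  # token_hash -> {"user", "device", "last_seen"}
        self._idle_timeout = idle_timeout
        self._clock = clock

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, device_label):
        # 256 bits from the OS CSPRNG. The device label is only metadata used
        # for revocation; the token is never derived from a device ID.
        token = secrets.token_urlsafe(32)
        self._sessions[self._digest(token)] = {
            "user": user, "device": device_label, "last_seen": self._clock()}
        return token

    def validate(self, token):
        """Return the user for a live session, else None. Refreshes the idle timer."""
        key = self._digest(token)
        record = self._sessions.get(key)
        if record is None:
            return None
        if self._clock() - record["last_seen"] > self._idle_timeout:
            del self._sessions[key]  # idle too long: force re-authentication
            return None
        record["last_seen"] = self._clock()
        return record["user"]

    def revoke_device(self, user, device_label):
        """Drop every session for one device, e.g. after it is reported lost or stolen."""
        doomed = [k for k, r in self._sessions.items()
                  if r["user"] == user and r["device"] == device_label]
        for key in doomed:
            del self._sessions[key]
        return len(doomed)
```

Because only token hashes are stored, a leaked copy of the session table does not yield usable tokens, and a guessable value such as a device identifier never matches a session.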
