Applications – Security and Privacy

Hey, have you seen the newest game app, “Fox and the Flipflop”? Your kids will love it. After a conversation like this with a relative, colleague, friend, or acquaintance, the word-of-mouth endorsement of the new game app has us all scurrying to download it to our devices.

Now, we’re all sharp individuals, we’re reading this in a security blog for heaven’s sake, and we know to only download from trusted and verifiable sites. 

We’re all good, right?

Maybe. Maybe not.

Security in Applications

Those who build applications can give themselves a head start in doing it right by following the recommendations of the Open Web Application Security Project (OWASP). OWASP has published its top ten application security concerns, which are:

  • Improper platform usage
  • Insecure data storage
  • Insecure communication
  • Insecure authentication
  • Insufficient cryptography
  • Insecure authorization
  • Client code quality
  • Code tampering
  • Reverse engineering
  • Extraneous functionality

Without diving into the intricacies of each, suffice it to say that an application developer who has these guidelines in hand and implements them will have a more secure application, when compared to those who simply “build.”

And while we have apps for specific designated tasks, we also have people building apps that find their way onto our devices with apparent legitimacy and then, during an update, attempt to slide in a hook to malware embedded in that update.

In 2015, researchers at the University of Indiana evolved a means to detect unknown malice within 10 seconds, with the development of VETFAST, and in doing so drove innovation in the app review process. Good for them, good for the industry.

As positive an event as it was, it didn’t stop malware from finding its way into apps. The criminals or the unscrupulous successfully infiltrated during the development stage. In the well…

This is a Security Bloggers Network syndicated blog post authored by Christopher Burgess. Read the original post at: Cylance Blog

Christopher Burgess

Christopher Burgess (@burgessct) is a writer, speaker and commentator on security issues. He is a former Senior Security Advisor to Cisco and served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit: Senior Online Safety.