Select

Unravelling The Mobile Security Landscape – Part 1

Enterprise Mobility is ubiquitous. Forrester research states that 49% of enterprises plan to increase spending on  mobile devices and applications. However, for every positive development in this market, there is often a corollary risk. The proliferation of mobile devices has led to the BYOD surge, flux of varied OS platforms, and the convergence of mobile, social and cloud technologies. Combined, these have made mobile devices vulnerable to a variety of security risks. Therefore, it’s critical for enterprises to understand the changing dynamics of mobile technology and what it can do to protect data.

There are many potential weak spots in a mobile application that makes mobile app auditing important. Some of them are:

  • Insecure Data storage
  • Weak Server Side Controls
  • Insufficient Transport Layer Protection
  • Client-Side Injection
  • Poor Authentication and Authorization
  • Improper Session Handling
  • Security Decisions via Untrusted Inputs
  • Side Channel Data Leakage
  • Broken Cryptography
  • Sensitive Information Disclosure

 

Security associated with mobile applications can often be identified and mitigated through security testing. Mobile Application Security Testing can help enterprise defend against malware and vulnerabilities and deliver secure applications and applications platforms. Some of them are:

    1. Static Analysis:

Static Analysis employ automated tools for analysis of the application’s source code. Since this testing is performed during implementation phase of SDLC on smaller segments of code, it detects vulnerabilities at a very early stage and suggests potential remediation. It is also performed during testing phase on the integrated code to verify availability & accountability of the application.

2. Dynamic analysis

This testing performs deep analysis of web applications to establish a deep understanding of the vulnerabilities of a single web application. Unlike source code scanners, a dynamic analysis program doesn’t have access to the source code and therefore detects vulnerabilities by actually performing attacks. Dynamic Analysis is performed during last stages of implementation phase of SDLC and is also performed during testing phase as well as Maintenance/Support phase.

3. Manual Penetration Testing

Penetration testing involves use of various tools and scanners. It helps uncover complex vulnerabilities not detected by automatic scanners. It attempts to exploit the vulnerabilities to determine whether unauthorized access or malicious activity is possible.  Penetration testing is conducted on running systems in realistic environment. It is performed during Testing and Maintenance phase after automated scanning is completed and when code base is more stable.

Since no single type of testing is capable of discovering all possible flaws and vulnerabilities in the binary code of an application. Therefore there is a need to perform various testing techniques to uncover a wider range of vulnerabilities.  In the end it all boils down to enterprise requirements. However, I hope to have suggested some food for thought in choosing the right security testing strategy.

Interested in our Testing Services?

Contact Apexon +1 408-727-1100

By submitting this form, you agree that you have read and understand Apexon’s Terms and Conditions. You can opt-out of communications at any time. We respect your privacy.

By submitting this form, you agree that you have read and understand Apexon’s Terms and Conditions. You can opt-out of communications at any time. We respect your privacy.

Other stories you may enjoy...

One Year In: Technology Success Stories from the Pandemic

This time last year, US companies were forced to face a new and unsettling reality: business as usual was no longer an option. I wrote then about how businesses could shift their...

Healthcare Apps and the Need for Security

One of the most exciting areas in tech right now promises to be “the most personal” ever. A key aspect of making wearable devices like the Apple Watch personal is through...

Developing an App for the 2020 General Election?

Here is a thought: With the UK General Election having just finished, could the next one in 2020 be the first to use a mobile app to allow people to vote? The polling...