As in the early days of email, website and network hacking, cybercriminals in the mobile application hacking business are coming up with new, creative ways to take control of your apps and gain access to the sensitive information that they contain.
A tidal wave of serious threats to your applications is brewing in the previously calm waters of application security, given the fact that applications, which were formerly housed in well-protected data centers behind strong firewalls, now appear on medical devices, in cars, on millions of mobile phones and just about everywhere else you look these days. These environments are virtually impossible to protect, leading analysts and security professionals to realize that a safe harbor in application security hinges on applications protecting themselves.
Unfortunately, most application security activity today centers around secure coding practices, which are critically important but not sufficient to protect applications that are running in untrusted and distributed environments. Application self-protections that check the environment in which applications are running, ensure the integrity of execution and respond proactively to attacks are critical, but they are often overlooked in the rush to deploy new apps.
8 Ways to Upgrade Your Application Protection
With this in mind, we’ve assembled a set of 8 collaborative resources that can help application security practitioners:
- Understand new threats that are unique to applications running in distributed environments.
- Protect applications at runtime.
- Secure cryptographic keys, which are at the core of many digital handshakes that occur across application components.
These actions will connect you with videos, white papers and reports focused on increasing security awareness and curbing mobile hacking threats so you don’t get swept away in the upcoming wave of mobile and IoT app attacks.
1. Read ‘Securing Mobile Applications in the Wild With Application Self-Protection’
Mobile applications are uniquely exposed to hacking attacks since the application code must be released out into the wild. Attackers can directly access, compromise and exploit the binary code, such as by analyzing or reverse engineering sensitive code, modifying code to change application behavior and injecting malicious code. This white paper provides a comprehensive examination of the vulnerabilities in your mobile apps and the mitigation techniques to secure them.
2. Spend Two Minutes to Learn How to Hack a Cryptographic Key
Cryptographic key-focused attacks are a rapidly growing problem and one of the most difficult risks to minimize. If your organization is not taking appropriate steps to protect these keys, you are giving cybercriminals easy access to your private data and transactions.
3. ‘Think Like a Hacker! Common Techniques Used to Exploit Mobile Apps and How to Mitigate These Risks’
The first step in learning how to protect and defend your applications from attackers is to think like one. It is surprisingly easy for cybercriminals to leverage widely available third-party tools to disable and compromise iOS and Android mobile apps, which can lead to unauthorized access to source code, tampering with apps to enable advanced malware attacks, theft of sensitive data and more.
The mobile threat landscape has evolved to include various reverse engineering and tampering attacks that can be mitigated through application binary risk assessment and implementation of new approaches to mobile app security that protect applications at runtime.
4. Stay up to date
The illegal reproduction and distribution of copyrighted material on the Web is extensive and growing rapidly. In its “2015 State of Application Security Report,” Arxan analyzed data collected over the past three and a half years that looked at the distribution of pirated software and digital assets on the Dark Web and indexed sites that are focused on distributing pirated assets. Thousands of sites were analyzed in the process, including over 50 that are in the business of distributing pirated releases. This report covers:
- The volume and nature of pirated software and digital assets;
- Today’s distribution model for pirated assets;
- The economic and business implications of piracy;
- The role of unprotected applications in enabling piracy; and
- Key recommendations to mitigate digital piracy.
5. Understand Mobile Apps and the Need to Protect Them
The mobile attack surface has grown due to the unique attributes of the mobile platform and now encompasses application hacking, reverse engineering and tampering that compromise an app’s critical security and business logic. The app security landscape has moved beyond addressing only programming flaws or source-level code fixes to addressing attacks at the binary level.
There are basically five key application protection questions:
- How frequently are applications getting hacked, and is there a case for action?
- Who is advising organizations that binary code must be protected?
- How are mobile applications being attacked as a result of a lack of binary code protection?
- What are the key application risks that should be defended against?
- What are the techniques and best practices that you should use to protect your application’s binary code?
6. Read Up on Application Hardening
Take a moment to read “Which Approach to Mobile Application Hardening Is Right for Your App?” This will help you understand four critical factors that you should consider when determining which mobile application protection solution is the right fit.
7. Be Particularly Wary of Financial Service Applications
The potential mobile banking and payments market for financial institutions is tremendous, and providers that offer the most secure apps will prevail over the competition. But this opportunity is not without potential hazards. The effect on revenue and brand caused by attackers can be devastating.
8. Watch the Replay of ‘Securing the Internet of Things’ With Forrester Research
Internet of Things (IoT) devices will increase the size of the threat landscape over the next decade. The complexity of IoT devices is multiplying the difficulties of security in every aspect of the enterprise. As IoT devices bridge the gap between the logical and the physical, there are real-world risks and ramifications to human life along with the impact on our digital assets.
This webinar, “Securing the Internet of Things,” outlined the phases of IoT maturity, described how human interaction impacts the risk levels of IoT devices and predicted when your specific market vertical may be impacted by IoT security threats. It also outlined leading practices for securing IoT solutions, focusing on how best to protect mobile and embedded applications that are increasingly the focus of IoT attacks.
- Top 8 actions for runtime application protection - December 3, 2015