Answer

What are the hidden mobile app security threats to look out for?

What are the security risks to look out for as we move to mobile apps from Web applications?

Mobile apps are interesting because, in many businesses, they're seen as a cutesy marketing tool that needs to be thrown together on a whim. After all, in the minds of many, if you don't have an "app in the app store" then your business is not legitimate. This whimsical reputation sometimes keeps companies from putting a serious focus on mobile app security.

Web application security is a relatively new frontier, but mobile app security is entirely new. That said, mobile apps running on common platforms such as iOS and Android have many of the same security problems we've seen in Web applications, such as:

  • Lack of input validation
  • Poor session management
  • Feeble or non-existent encryption protecting data in transit and data at rest
  • Authentication and password weaknesses

In that regard, mobile app security is very similar to Web application security.

However, mobile apps are a different beast when it comes to testing. You can't use traditional Web vulnerability scanners – at least in the familiar point-and-click kind of way. There's more manual testing involved using the mobile devices themselves along with some potentially unfamiliar forensics and network analysis tools. Another proven method for testing mobile apps is to perform a source code analysis using tools by vendors such as Checkmarx or Veracode.

One final thought is about the mobile-enabled versions of your websites/applications. The flaws are basically the same, but in terms of what needs to be tested, you don't want to overlook your mobile-enabled sites/applications.

Test them from both traditional PCs and mobile devices. You might be surprised at the varying results you get back.

All in all, mobile app security is a great new space to be working in. I'm truly enjoying it. Just stay true to the basics we've known all along: finding and fixing the basic flaws can provide a ton of value. The OWASP Mobile Security Project seems to be a good resource that's shaping up in this area.

This was first published in September 2013
