Mobile Application Security


Hello, guys !!!

 Today I'm bringing some interesting topic to you. That is Mobile Application security. Let's talk about the Mobile Application security.

 Mobile Application Security states to the enforcement of access and data protection measures for individual apps. For examples of such application security policies include data encryption, mobile app VPN, authentication, and data wipe. These security policies and others can be applied during application development, later with software development kits (SDKs), or after the app is compiled with application wrapping.


Let's See what are the Mobile Application security policies in the industry.


Corporate Authentication – Dynamically requires users to enter their corporate credentials before the application will open. This utilizes our enterprise integration for single sign-on (SSO).

 Data-at-Rest Encryption – Secures data stored by the application without having to encrypt the entire device. The entire application and any local data are encrypted.

 Mobile App VPN – Provides a dynamic, application controlled, secure connection from the application to the company’s gateway for authentication and access to backend data. Does not require a management profile or configuration from the user to set up the VPN.

 Data Wipe – Remotely wipes the data for any application, without requiring MDM technology.
Jailbreak and Root protection – Disables an application from running if it detects the device is in a compromised state.

 App Expiration – Allows an application to remain enabled for a predetermined amount of time and disable it from being run.ation is set to allow access to the device’s location.


Four essential ways to protect the mobile application security.

1. Secure the Code: Building a Secure Application
2. Secure the Device: Detecting Compromised and Vulnerable Run-Time Environment
3. Secure the Data: Preventing Data Theft and Leakage
4. Secure the Transaction: Controlling the Execution of High-Risk Mobile Transactions

Comments

Post a Comment

Popular posts from this blog

Phishing

Image
Phishing on Course web at SLIIT What Is Phishing?                   Phishing is the attempt to obtain sensitive information such as usernames, passwords and credit card details , often for malicious reasons, by disgusting as a trustworthy entity in electronic communication. What is spear phishing attack ?                   S pear phishing  is an email that appears to be from an individual or business that you know. But it isn't. It's from the same criminal hackers who want your credit card and bank account numbers, passwords, and the financial information on your PC. Introduction ?         First you need know some details about how it will be work. Phishing attack can be done creating web pages like original web sites. Attacker create similar site like original one and host that site in the server and send that link to the target person or group. If they trust that link and enter their information to that fake webpage. In that page store what they ente
Read more

CySCA 2014 Web Penetration Testing Write-up

Image
Hellow Peeps !!! Today I bring some interesting hacking challenge walkthrough. Let's see what it is, CySCA2014 Web Penetration Testing Write-up We need to first setup the cysca2014 box in VM. When the VM configuring we can check connectivity is their using ping commands. Web Penetration Testing 1 – Club Status Turn on the intercept in the burp suit and go to the web site using cysca2014 IP address. Then you can see the GET request. There are two cookies called PHPSESSID and VIP. Then we have to edit the VIP cookie value from 0 to 1 and forward the request. Then we need to forward this packet in burp suite. Then we can get a website. Index.php Now we cannot access the blog. Now we need to change VIP 0 to 1 then we can access the blog.   Now we can access Blog. Web Penetration Testing 2 – Om nom nom nom After completing challenge 1, you can browse on the Blog page. There is
Read more

Double Submit Cookies Patterns

Image
Cross-Site Request Forgery (CSRF)  Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious web site, email, blog, instant message, or program causes a user’s web browser to perform an unwanted action on a trusted site for which the user is currently authenticated. The impact of a successful CSRF attack is limited to the capabilities exposed by the vulnerable application. For example, this attack could result in a transfer of funds, changing a password, or purchasing an item in the user's context. In effect, CSRF attacks are used by an attacker to make a target system perform a function via the target's browser without knowledge of the target user, at least until the unauthorized transaction has been committed. Impacts of successful CSRF exploits vary greatly based on the privileges of each victim. When targeting a normal user, a successful CSRF attack can compromise end-user data and their associated functions. If the targeted end user is an
Read more