App Developers: How to Protect Your Apps From Being Hacked in 2014

With 2013 behind us we are left with the memory of a massive increase and change in cyber criminal behavior, as well as some foresight into 2014 and the things developers can do to protect applications from hacking.

As the Internet of Things (IoT) creates more situations where our daily lives, our governments, our utilities, our homes, and our businesses can be managed by smart mobile devices, applications become more vulnerable to hacking and malicious code.

According to a report on The Internet Of Things by GigaOm Pro, in 2012 a household of 4 had an average of ten devices connected at any given time. Studies predict that by 2017 that number will increase to 25 for the same-size household, and by 2022 it will be an average of 50.

Governments, “joy riders”, and thieves alike continue to exploit vulnerabilities, as malware attacks become more commonplace, complex and crafty. As a result of most applications having more than one vulnerability, as well as multiple classes of vulnerabilities, detection remediation must be routine and IT security professionals, and app developers must become more proactive, in addition to developing the ability to respond with flexibility, speed and intelligence.

In a special report by Arxan Technologies, researchers found that a fact-based perspective enabled them to develop a set of recommendations for the protection of apps, and there are a number of processes security professionals, and application developers, can implement to prevent attacks and protect data, protect organizations, and protect customers and consumers at varying levels:

Plan ahead with IT application development and build security into the app. High-risk mobile apps such as iOS and Android must be made resistant to tampering, as well as be able to defend themselves against static or dynamic analysis at runtime, as such analysis could enable cyber criminals to more easily develop malware. In addition, there should be a specific focus on protecting the integrity of mobile apps against tampering or reverse-engineering attacks regardless of platform. Finally, confirm that off-the-shelf application components have no known vulnerabilities before use.

Take responsibility for security by holding apps to the highest standard of security testing and conduct testing of mobile apps that is proportionate to usage and data value.

Be hyper-vigilant and place special emphasis on high-risk mobile activities that incorporate sensitive data such as that for banking or payment transactions, legal procedures or paperwork, ID or licensing renewals, and interactions that have high value IP such as health care, government, commerce, and corporate.

Keep apps up to date and educate, as well as encourage, users to update regularly and check general settings for unnecessary permissions, restricting them to what is needed for their function only.

Sandbox enterprise apps on devices, create mobile app firewalls, enable geo-fencing, virtualize apps, and implement biometric authentication, all the while keeping in mind that each of these security solutions has its own set of vulnerabilities or impracticalities. · Leverage anti Cross Site Request Forgery (CSRF) frameworks.

Implement tighter session management.

Assess security measure of supply chains and ensure that corporate partners and web services are tested and hardened for security with the same standards as your company owned applications

As we move further into the 21st century it is easy to see how our lives can become much easier to manage with technology. While it is true that with these modern technological advances comes a higher need for vigilance and protection, it is without a doubt that if we continue to promote mobile app protection as a strategic initiative, we can easily leverage production to innovate, and distribute, high-value and sensitive mobile applications that provide benefits that far outweigh the risks.

This and more topics that concern Cyber threat will be discussed in the upcoming CyberTech conference, which will take place on January 27th in Tel Aviv, Israel.