The Cloud Security Alliance
has released a new report surrounding its Mobile Application Security Testing Initiative. The purpose of the report is to provide the Alliance’s insight into building out a roadmap for establishing a more secure cloud ecosystem to protect mobile applications.
The Alliance’s Mobile Application Security Testing (MAST) Initiative offers research to the cloud industry reduce the possible risk exposures and security threat in using mobile applications. MAST defines a framework for secure mobile application development, achieving privacy and security by design. Ultimately MAST will provide clearly articulated recommendations and best practices in the use of mobile applications.
Mobile application security testing and vetting processes utilized through MAST involve both static and dynamic analyses to evaluate security vulnerabilities of mobile applications for platforms such as Android, iOS and Windows.
These processes cover permissions, exposed communications, potentially dangerous functionality, application collusion, obfuscation, excessive power consumption and traditional software vulnerabilities.
It also covers internal communications such as debug flag and activities and external communications such as GPS, NFC access as well as checking the links that are written in the source code. In addition to security testing and vetting, the initiative has also proposed processes and procedures for security incidence response.
The report details the issues of mobile app vetting from a life-cycle perspective, mobile app development management, mobile app coding, and audit management security issues. The Alliance plans to create a follow up assessment and certification scheme white paper based on NIST special publication 800163: "Vetting the Security of Mobile Applications" and also set up a vetting plan for a mature model and mobile apps security.
Also planned is the establishment of a vetting plan for mobile apps and guidance to allocate resources to resolve potential security problems or certification-period incidents.Read more: https://cloudsecurityalliance.org/download/mobile-...
Are you paying more taxes than you have to as a developer or freelancer? The IRS is certainly not going to tell you about a deduction you failed to take, and your accountant is not likely to take the time to ask you about every deduction you’re entitled to. As former IRS Commissioner Mark Everson admitted, “If you don’t claim it, you don’t get it.
Get hands-on experience in performing simple to complex mobile forensics techniques Retrieve and analyze data stored not only on mobile devices but also through the cloud and other connected mediums A practical guide to leveraging the power of mobile forensics on popular mobile platforms with lots of tips, tricks, and caveats.
The Chirp GPS app is a top-ranked location sharing app available for Apple and Android that is super easy to use, and most of all, it's reliable.
Write and run code every step of the way, using Android Studio to create apps that integrate with other apps, download and display pictures from the web, play sounds, and more. Each chapter and app has been designed and tested to provide the knowledge and experience you need to get started in Android development.