SQA²

How to Secure Mobile Applications?

admin, March 26, 2014, Resources, SQA² Term

The mobile app market is growing rapidly. According to recent research, the global enterprise mobility market will exceed 100 billion within fifteen years.

Mobile application security is a major concern for enterprises. Cross-platform development kits, both open source and commercial, were adopted to cut development costs, and hybrid mobile apps built on them came to dominate market share. That shift also brought major security problems. Here are some best practices to help secure mobile apps.

Never Trust Any User

Verify every request the mobile application sends. The app runs on a device that the user, or an attacker, fully controls, so any client-side check can be bypassed and any request can be forged; the web server must authenticate each request and validate its parameters itself. Before delivering sensitive or confidential data, require two-factor (step-up) authentication or a similar additional check.

Encrypted Data Storage and Delivery

To limit the impact of a data breach, the mobile app should send and receive user data only over an encrypted channel (TLS with proper certificate validation). Any user data stored on the database server should be encrypted at rest as well, with the encryption keys kept separate from the data they protect.

Use Timed Sessions

The basic idea is to cap how long a session remains valid without any user activity. Implemented as a security control, this means every request carries a timestamp (or the session token carries an expiry) that the server checks before processing the request. A timeout does not stop an attacker from intercepting session data, but it limits how long a stolen token or a captured request stays usable for unauthorized access.

Disabling Repeat Request

In addition to timed sessions, make sure a transaction cannot be completed more times than intended. If a user's banking app resends a money transfer request, for example after a network timeout, or because an attacker replays a captured request, the application may deduct the same amount from the user's account more than once. The usual fix is to attach a unique idempotency key or nonce to each transaction and have the server execute it only once per key.
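The following is an added example, not code from the original post or from SQA²: a server-side idempotency check in Python for the transfer scenario above. The `Ledger` class, its in-memory dictionaries and the account names are constructed stand-ins for a real database; the point it shows is that a retried or replayed transfer returns the original result without debiting the account again, while a reused key with different parameters is refused.

```python
"""Execute a money transfer at most once per idempotency key.

Added example, not code from the original post: the Ledger class and its
in-memory dictionaries are constructed stand-ins for a real database.
"""
import threading
from decimal import Decimal


class Ledger:
    def __init__(self, balances):
        self.balances = dict(balances)
        # (account, idempotency_key) -> {"request": ..., "response": ...}
        # Scoping the key to the debited account stops one client from
        # colliding with, or probing, another client's keys.
        self.completed = {}
        self.lock = threading.Lock()

    def transfer(self, idempotency_key, src, dst, amount):
        """Debit src and credit dst exactly once for a given key.

        A client that retries after a timeout resends the same key and gets
        the original response back; a replay with the same key has no
        further effect on the balances.
        """
        scoped_key = (src, idempotency_key)
        with self.lock:  # lookup and update must be one atomic step
            prior = self.completed.get(scoped_key)
            if prior is not None:
                if prior["request"] != (src, dst, amount):
                    # Same key, different parameters: a client bug or an
                    # attempt to smuggle a new transfer under an old key.
                    return {"status": "error",
                            "reason": "key reused with different parameters"}
                return prior["response"]

            if amount <= 0:
                response = {"status": "error", "reason": "amount must be positive"}
            elif self.balances.get(src, Decimal(0)) < amount:
                response = {"status": "error", "reason": "insufficient funds"}
            else:
                self.balances[src] -= amount
                self.balances[dst] = self.balances.get(dst, Decimal(0)) + amount
                response = {"status": "ok", "new_balance": self.balances[src]}

            # Persist the outcome under the key so that a retry, however late,
            # sees the same answer and never re-runs the debit.
            self.completed[scoped_key] = {"request": (src, dst, amount),
                                          "response": response}
            return response


def demo_transfer():
    """Constructed scenario: one transfer, one retry, one misuse of the key."""
    ledger = Ledger({"alice": Decimal("100.00"), "bob": Decimal("0.00")})
    first = ledger.transfer("tx-1", "alice", "bob", Decimal("40.00"))
    # Network hiccup: the app resends the identical request with the same key.
    retry = ledger.transfer("tx-1", "alice", "bob", Decimal("40.00"))
    # Same key, different amount: rejected without touching the balances.
    abuse = ledger.transfer("tx-1", "alice", "bob", Decimal("60.00"))
    return {"first": first, "retry": retry, "abuse": abuse,
            "alice": ledger.balances["alice"], "bob": ledger.balances["bob"]}


if __name__ == "__main__":
    print(demo_transfer())
```

In a real deployment the `completed` table lives in the same database transaction as the balance update, so a crash between the debit and the record of the key cannot leave a window in which the retry debits twice.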

Stop Accepting Modified Requests and Prevent URL Manipulation

Attackers start by mapping every entry point into your system. Modifying a request is routine: changing an account ID, an amount or a role parameter in the URL or request body to bypass authentication or authorization, or to trigger other harmful behaviour. To prevent this, the server must authorize every object a request references and validate every parameter, and requests should be signed (with an HMAC under a per-session key, or with a key pair) so that any altered parameter fails verification. Encrypting or obfuscating the URL on its own is not enough: a client that controls the app can still capture and resubmit it unchanged.
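The following is an added example, not code from the original post or from SQA², that puts the last three practices together on the server side: each request is signed with HMAC-SHA256 under a per-session key, carries a timestamp checked against a freshness window (timed sessions) and a nonce that is accepted only once (repeat requests), and any change to the path, query or body invalidates the signature (modified requests). The `Verifier` class, the `X-Timestamp`, `X-Nonce` and `X-Signature` header names, `MAX_SKEW_SECONDS` and the in-memory session store are assumptions made for this example.

```python
"""Reject tampered, stale and replayed requests on the server.

Added example, not code from the original post. The Verifier class, the
X-Timestamp / X-Nonce / X-Signature header names, MAX_SKEW_SECONDS and the
in-memory session store are assumptions made for this example.
"""
import hashlib
import hmac
import secrets
import time
from typing import Tuple
from urllib.parse import parse_qsl, urlencode, urlsplit

MAX_SKEW_SECONDS = 300  # assumed freshness window for a signed request


def canonical(method: str, url: str, body: str, ts: int, nonce: str) -> bytes:
    """Canonical form of everything a tampered request could change."""
    parts = urlsplit(url)
    query = urlencode(sorted(parse_qsl(parts.query, keep_blank_values=True)))
    body_hash = hashlib.sha256(body.encode()).hexdigest()
    return "\n".join([method.upper(), parts.path, query, body_hash,
                      str(ts), nonce]).encode()


def sign(key: bytes, method: str, url: str, body: str, ts: int, nonce: str) -> str:
    """Client side: HMAC-SHA256 over the canonical request under the session key."""
    return hmac.new(key, canonical(method, url, body, ts, nonce),
                    hashlib.sha256).hexdigest()


class Verifier:
    def __init__(self, session_keys, now=time.time):
        self.session_keys = session_keys  # session_id -> key, issued at login
        self.seen_nonces = set()          # (session_id, nonce) already accepted
        self.now = now                    # injectable clock for the demo

    def verify(self, session_id: str, method: str, url: str, body: str,
               headers: dict) -> Tuple[bool, str]:
        key = self.session_keys.get(session_id)
        if key is None:
            return False, "unknown session"
        try:
            ts = int(headers["X-Timestamp"])
            nonce = headers["X-Nonce"]
            sig = headers["X-Signature"]
        except (KeyError, ValueError):
            return False, "missing signing headers"
        # Timed sessions: a request outside the window is refused even if
        # its signature is valid.
        if abs(self.now() - ts) > MAX_SKEW_SECONDS:
            return False, "stale request"
        # Modified requests: any change to path, query, body, timestamp or
        # nonce makes the recomputed MAC differ. Compare in constant time.
        expected = sign(key, method, url, body, ts, nonce)
        if not hmac.compare_digest(expected, sig):
            return False, "bad signature"
        # Repeat requests: a nonce is accepted once per session. Checked after
        # the signature so unauthenticated junk cannot fill the nonce store,
        # which in production needs a TTL of at least MAX_SKEW_SECONDS.
        if (session_id, nonce) in self.seen_nonces:
            return False, "replayed nonce"
        self.seen_nonces.add((session_id, nonce))
        return True, "ok"


def demo_verifier() -> dict:
    """Constructed scenario: one genuine request and three attacks on it."""
    key = secrets.token_bytes(32)
    clock = [1_700_000_000]
    verifier = Verifier({"sess-1": key}, now=lambda: clock[0])
    url, body = "https://bank.example/api/transfer?to=bob&amount=40", ""

    def signed_headers(ts, nonce):
        return {"X-Timestamp": str(ts), "X-Nonce": nonce,
                "X-Signature": sign(key, "POST", url, body, ts, nonce)}

    headers = signed_headers(clock[0], secrets.token_hex(16))
    results = {}
    # Attacker edits the amount in the URL but cannot re-sign the request.
    tampered = url.replace("amount=40", "amount=4000")
    results["tampered_url"] = verifier.verify("sess-1", "POST", tampered, body, headers)[1]
    results["genuine"] = verifier.verify("sess-1", "POST", url, body, headers)[1]
    # Attacker replays the captured request unchanged.
    results["replayed"] = verifier.verify("sess-1", "POST", url, body, headers)[1]
    # A correctly signed request that arrives after the window is refused.
    old_ts = clock[0]
    clock[0] += MAX_SKEW_SECONDS + 1
    results["stale"] = verifier.verify("sess-1", "POST", url, body,
                                       signed_headers(old_ts, secrets.token_hex(16)))[1]
    return results


if __name__ == "__main__":
    print(demo_verifier())
```

The signature covers the canonicalized query string and a hash of the body, so reordering parameters cannot be used to dodge the check, and the same scheme works unchanged for JSON bodies. Signing proves the request was built by a holder of the session key; it does not replace server-side authorization, which must still confirm that `sess-1` is allowed to move money out of the source account.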
