Security Appcelerator

Pages: 20 (4760 words) Published: December 10, 2012
[Cover graphic: The 6 Layers of Mobile Security: Authentication and Authorization; Application Code Security; Data at Rest; Data in Motion; Data in an MBaaS or Private Data Center; Application Distribution and Management]

APPCELERATOR WHITEPAPER MOBILE SECURITY 101

Introduction
Now more than ever mobile applications are becoming commonplace in the workplace and our daily lives. People now use their mobile devices for much more than phone calls and emails. They are becoming the primary way users interact with work, the Internet, and friends and family. In fact, there are almost 6 billion mobile devices in the world and Gartner states mobile payment transactions will reach over $500 billion by 2016. While mobility brings great opportunity, it can also introduce significant risk to businesses.

Recently, a large social networking site hit the headlines when millions of users' passcodes were compromised as a result of improper security standards associated with the handling of data transferred while the users were accessing the site from their mobile devices. According to the Ponemon Institute, a leader in independent research on privacy, data protection and information security policy, 6 out of every 10 cybersecurity breaches occur as a result of a mobile device. In the past year security breaches on “smart” mobile devices grew over 150% and similar attacks on Android devices alone grew over 3000%, according to Juniper Networks.

As is true in traditional application development, security cannot be an afterthought. It must be baked into the entire lifecycle of the mobile application, from planning, development and testing, to release and analysis. A security breach not only affects the users/customers that have been compromised, it can have a deep impact on a company’s bottom line and brand reputation, and it will destroy user/customer confidence and loyalty.

In the mobile world, applications often need to be written for many different types of devices (phones, tablets, mini-tablets, etc.) and platforms (iOS, Android, Windows, etc.). All of these permutations introduce different levels of risk and bring with them unique vulnerabilities. For example, one operating system has a way of securing private keys, keeping the data encrypted, while another stores them in accessible memory, thus providing an opportunity for an attack to decrypt sensitive information. Another runs applications in a “secure” sandbox that affords a level of protection by keeping application data and its running processes isolated from all other applications running on the device, while another OS allows applications free range into its memory structure. Regardless of the device, platform, or data source, companies must develop secure mobile applications if they want to minimize the risk to their customers, bottom line, and brand.

Securing mobile applications is complex. Having the right knowledge and tools will make the job easier. When securing a mobile application, there are 6 different layers of security that must be considered.

© 2012 APPCELERATOR, INC. ALL RIGHTS RESERVED


LAYER 1
Authentication and authorization of mobile users

Authentication is the first line of defense to build into any mobile application. It identifies users and allows them access to the application on the device and the connected backend servers. The more rigorous the authentication process, the more secure the application.

Basic authentication consists simply of a username and password. Putting stringent password rules in place, such as forcing a variation of numbers, different case letters and symbols, will help ensure more secure access. According to Unisys, it takes 5 minutes to break a passcode that is 6 characters or less and all lowercase. 9 characters that have a mix of numbers, symbols, and different case...