APP PROTECTION RESOURCES
Resources From Security Experts 

The proposed OWASP Top 10 Mobile Risks for 2014 includes:

  • M1: Weak Server Side Controls
  • M2: Insecure Data Storage
  • M3: Insufficient Transport Layer Protection
  • M4: Unintended Data Leakage
  • M5: Poor Authorization and Authentication
  • M6: Broken Cryptography
  • M7: Client Side Injection
  • M8: Security Decisions Via Untrusted Inputs
  • M9: Improper Session Handling
  • NEW: M10: LACK OF BINARY PROTECTION

Mitigate OWASP Top 10 Mobile Risks

NEW: M10: LACK OF BINARY PROTECTION

A lack of binary protections within a mobile app exposes the application and its owner to a large variety of technical and business risks. A lack of binary protections results in a mobile app that can be analyzed, reverse-engineered, and modified by an adversary. The integrity of these apps must be protected, as secure coding and traditional app security practices alone cannot prevent these attacks. Even “flawless” code can be cracked and modified.

Are your applications at risk? If you answer yes to any of these questions, you are vulnerable to a binary attack:

  • Can someone code-decrypt the app (iPhone specific) using an automated tool like ClutchMod or manually using GDB?
  • Can someone use an automated tool like Hopper or IDA Pro to easily visualize the control-flow and pseudo-code of the app?
  • Can someone modify the presentation layer (HTML/JS/CSS) of this app within the phone and execute modified JavaScript?
  • Can someone modify the app’s binary executable using a hex editor to get it to bypass a security control?

The inclusion of Arxan's application security solutions applied at the end of the build process will yield self-aware, self-defending and tamper-resistant apps. Fill out the form below for a FREE Consultation and White Paper on how our proven mobile app security solutions mitigate M10: Lack of Binary Protection.

 


© 2014 Arxan Technologies, Inc. All Rights Reserved.