
Application hardening is the process of taking a finished application and making it more difficult to reverse engineer and tamper with. Combined with secure coding practices, application hardening is a best practice for companies to protect their app's IP and prevent misuse, cheating, and repackaging by bad users.

Application hardening takes a finished, well-built application and both manipulates its existing code and injects new code to shield the application against static and dynamic attacks. These attacks go far beyond "hygienic" vulnerabilities, such as those created by not verifying a sender, destination, or message format.

  • Binary-level code obfuscation to prevent attackers from seeing a functional view of an application.
  • Application integrity checks ensure the application code has not been altered.
  • Detect whether the app is running on a rooted or jailbroken device.
  • Vary how protections are applied in each build to prevent attackers from building up a cumulative understanding of how apps are being protected.
  • Determine what actions to take if the app is being attacked or a device is determined to be compromised.
  • Utilize white-box cryptographic protection to encrypt critical keys and data.

Gartner Market Guide for Application Shielding

“Protecting applications that run within untrusted environments is ever more crucial as mobile and IoT become ubiquitous, and as web applications modernize, bringing more intelligence to the client. Security and risk management leaders must harden their application front ends to avoid turning them into an attack vector.” — Dionisio Zumerle, Manjunath Bhat