Software Protection White Papers

We invite you to learn more about the best practices in protecting software applications from tampering and malware.

You will be emailed a download link(s) to the whitepaper(s).

  • Comprehensive Threat Analysis of Mobile Apps - in the Wild!

    The paper describes prevalent attack risks and recommended mitigation defenses in the following categories: Code Modification or Code Injection Risks and Reverse Engineering and Code Analysis.

  • How to Secure Your Mobile Apps – an Arxan/IBM White Paper

    Mobile applications are uniquely exposed to hacking attacks as the application code must be released "out into the wild." Attackers can directly access, compromise, and exploit the binary code (e.g., analyze or reverse-engineer sensitive code, modify code to change application behavior, or inject malicious code).

  • Jailbreaking - What Is It, and Why Do You Care? An iOS Mobile Application Protection Solution

    This whitepaper explains how the rate of adoption of mobile apps is being lead by the iOS platform and what the significance of Jailbreak Detection capability is for an enterprise as it seeks to manage risk in an evolving mobile ecosystem. Specifics topics in the whitepaper include why hackers are targeting jailbroken environments, background on what jailbreaking is and how it is done, why mobile device and policy management solutions are not sufficient, as well as product highlights on why EnsureIT for iOS enable iOS developers to confidently deploy their apps into the wild.

  • Effective Mobile Application Security Strategies and Implementation Approaches

    As the mobile device market continues to explode with new features, apps and content, the need for mobile software security becomes paramount requiring a software-based approach comprised of app hardening and key protection. In addition to outlining today's various mobile security threats, such as malware, the paper addresses the unique nature of Man At The End (MATE) attacks in the mobile arena. Although other tiers of security are identified as options for end users, such as anti-virus, anti-spam, etc., these solutions primarily address network related threats and are less effective for devices outside the enterprise network perimeter.

  • 7 Key Factors of a Highly Effective Application Protection Solution

    This whitepaper discusses the key factors that enable an effective application protection solution -- that mitigates binary code risks and combats the latest security threats.

  • Multi-Platform Game Protection - A Proven Solution

    Application hardening is a critical issue for game developers and game publishers alike. As games become more complex, demand more investment and are played in a wider variety of scenarios, hacking is also on the rise and millions of dollars in R&D investment can be lost in hours to a successful hack. As online gaming grows and in-game commerce gains prominence, cheating and other forms of compromise can lower the value of a game and further impact revenues.

  • Securing Android Applications - What You Need to Know

    Being a largely open-source platform, Android applications are trivial to reverse engineer as they often rely on system libraries or managed components that are either open source or easily disassembled. What’s more, there are very few anti-tamper and anti-piracy components available for the Android Market. This makes exploits relatively easy to craft and disseminate. In the face of threats such as hacking, piracy, malware injection and data theft, it is critical to Guard the application internally to fully secure these assets. In this whitepaper, we review the risk factors for mobile applications, mobile application exploits, and security recommendations for Android applications.

  • How to Protect Keys in DRM Systems

    Key discovery is the most prevalent class of threats to content protection systems today, such as digital rights management (DRM) systems, digital cinema encryption protocols or conditional access solutions. It is therefore critical to protect keys. Protection tools such as anti-tamper and software-based key protection are therefore critical essential to comprehensive security and to mitigating the full spectrum of threats to digital media applications. Arxan’s protection solution based on diversity, defense-in-depth and randomization provides an effective means to protect intellectual property and private or public keys, thereby minimizing losses to piracy or malware attacks.

  • Securing DRM and Multimedia Applications through Guard Technology

    Software protection is a critical issue for companies seeking to implement or use digital rights management technology. The best encryption schemes are useless if a hacker can quickly acquire the key. Digital rights management technology is all too easily hacked such that its controls are bypassed entirely, leading to rampant media and music piracy. Arxan provides the lowest total cost of ownership for DRM robustness through durable protection, point and click breach management, strong individualization and secure renewability. Impact on development teams is minimized, since we allow the separation of core application development from its fortification. This allows application vendors to focus on meeting consumer needs while Arxan quickly and effectively secures sensitive routines.

  • Protecting .NET Software Applications

    Enterprises and software vendors have long recognized that protecting .NET applications against compromise is vital to their long term viability, and to long term safeguarding of an organization’s software and data assets. In this white paper, we will discuss best practices and how GuardIT® for Microsoft .NET Framework can provide an arsenal of deep and intrinsic protection techniques for managed and mixed-mode code that durably fortify your code against disassembly, static analysis, dynamic analysis and tampering.Protecting .NET Software Applications.

  • Protecting Your Cryptographic Keys

    In this paper, we will discuss prevailing threats to cryptographic keys, a defense-in-depth approach to addressing key vulnerabilities and how to prevent compromise of your enterprise’s intellectual property and customer confidential information. A number of security options that address risk mitigation are also reviewed. Additionally, best practices for key protection, which include application hardening are provided. Lastly, Arxan’s TransformIT™ is presented, which enhances software security by preventing tampering and hacking attacks on keys that are used within software applications. Hence, TransformIT prevents content, data and revenue lost.

  • How to Lock Down Your License Management Software

    Software vendors often believe that a license management solution alone is adequate to secure their software against unauthorized use and tampering. However, global piracy continues to grow. In this white paper, Arxan explains ways to tightly bind security to both their applications and license management systems for overall application security.

  • Protecting Java Software Applications

    While Java offers an efficient framework for developing and deploying enterprise and Web 2.0 server or client-side applications, it also presents many risks. Attacks against Java applications come from many different angles. For instance, a rogue employee steals class files containing critical Intellectual Property, a thick client is reverse engineered to gain visibility into business logic, or a high price tag application is pirated. These attacks are unfortunately easy to carry out given that Java, being an interpreted language, contains program metadata which reveals the inner workings of the application. In this white paper, we will discuss: Software vulnerabilities of Java code Attacks used to exploit Java applications Meaningful application protection against disassembly, reverse engineering and tampering by combining popular measures of security with strong binary-level obfuscation and class encryption How GuardIT® for Java provides defense-in-depth to mitigate risk.

  • PC Gaming Alliance (PCGA) Security Best Practices

    The PCGA believes that this document provides the best known collection of information for protecting PC gaming content and integrity while providing the best possible consumer experience. It covers a very broad number of topics that apply to development, publishing, operations, customer service and legal. It is our hope that if these activities and approaches become more standard and consistent, that legitimate consumer experience will improve while at the same time pirates and hackers will become increasingly discouraged. Ultimately, we hope that some small sub-set of pirates& hackers will convert to legitimate consumers and the PC gaming ecosystem becomes increasingly sustainable as a result. An NDA needs to be in place in order to receive this PCGA Best Practices Whitepaper.

  • Today's Threats and Strategies for Securing Mobile Games

    The gaming industry, which produced $93 billion in revenue in 2014, is expected to grow by over 9% in 2015 to $111 billion. Much of this growth is due to the fastest growing segment—mobile gaming. However, many mobile gaming developers have not yet fully begun to understand the ramifications on long term revenue loss that hacking is costing them today.