Application Security Is Getting Worse, Not Better

The app insecurity complex

  • Create fake apps or clones of existing apps via reverse engineering to trick users into providing credentials and other sensitive data as well as access to accounts. This is also known as “tampering.”
  • Install bots to launch attacks on websites and perform online betting and other transactions
  • Install malware on the device or on others in its network. In the infamous WhatsApp malware injection breach, attackers exploited a VoIP (Voice over Internet Protocol) vulnerability in the mobile app that allowed them to inject malware into phones simply by calling them.
  • Skim credit-card information
  • Inject malicious scripts for clickjacking and formjacking
  • Provide access to sensitive stored data — via the device’s operating system, the development framework, cookies and preferences, and other avenues for attack
  • Eavesdrop on API communications to steal the data in transit — also known as a “man in the middle” attack

In-app protection techniques

Prevention

Detection

We help companies develop secure products

CYBERCRYPT
