| Story Views | |
| Now: | |
| Last Hour: | |
| Last 24 Hours: | |
| Total: | |
Five Top Mobile Security Practices
Mobile app developers typically have no security training, whereas criminals attempting to hack into mobile devices are well-finance and highly motivated, Andrew Hoog, chief investigative officer of Oak Park, Ill.-based. viaForensics, told Mobile Marketing & Technology today.
Hoog will be a member of the security panel for the Mobile Marketing & Technology Spring 2013 Mobile Payments Conference, April 10-11 at the Helen Mills Event Space and Theater in New York City.
“We found through the many assessment that we do that security is challenging because mobile marketing and mobile payments is so new,” Hoog added. “Developers are more concerned on features and on building market share.”
There are several common security mistakes made by developers and hackers continue to improve their methods of attack, yet good security can be built into mobile apps, according to Hoog, who recommends a list of 42 best practices. The first five he lists are:
- Avoid storing sensitive data on the device: Any stored data, even if encrypted could be compromised.
- Avoid caching data on the device: Data can be captured in a variety of artifacts, including log/debug files, cookies, Web history, Web cache, property lists, files and SQLite databases.
- Avoid use of query string for sensitive data: Query string parameters are more visible and can be unexpectedly cached.
- Avoid crash logs: If the app crashes, the resulting log can provide valuable information to the attacker.
- Fully validate SSL/TLS: Many apps don’t do this, which leaves them susceptible to man-in-middle attacks.
2013-01-25 17:06:12
Source: http://mobilemarketingandtechnology.com/2013/01/25/five-top-mobile-security-practices/
Source:
