Top 10 Mobile App Vulnerabilities: Guidelines for Mitigation

With increasing sophistication in mobile application development, there is an equally important need for improving mobile application security mechanisms. Mobile application vulnerabilities are prevalent regardless of the operating system and the device on which the apps are installed. How are these vulnerabilities related to mobile app security? What are the best techniques for building …

XML Injection In Android Apps – OWASP Top 10

XML stands for Extensible Markup Language; it was designed to describe data and is commonly used as a data format on the Internet. If you want to access data from the Internet, chances are that the data will be in the form of XML. If you want to send data to a Web …

Potential XSS in Servlet – Android App Security

A Servlet is a Java class used to extend the capabilities of servers that host applications accessed through a request-response programming model. Although Servlets can respond to any type of request, they are commonly used to extend applications hosted by web servers. For such applications, Java Servlet technology …

The Aftermath of Stagefright in Android

Stagefright seems to be the operative phrase in security today. Discovered by Joshua J. Drake, VP of platform research and exploitation at Zimperium zLabs, it potentially impacts 95% of Android devices globally. Zimperium publicly disclosed the finding at the Black Hat conference in 2015, after reporting the bug to Google in early April this year. The Stagefright …

All You Wanted To Know About OWASP Top 10 Mobile Security Project

The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Its mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. OWASP provides de facto application security standards with the aim of normalizing the range in …

Mobile App Security: Why Should You Care?

With the increasing dependence on smartphones, their security is becoming a major concern for users, application developers and CIOs/CISOs alike. In addition, the BYOD trend is pushing enterprises to act fast on mobile app security, as close to 84% of consumers use the same smartphone for work …

How vulnerabilities in Starbucks’ mobile app led to fraud

Vulnerabilities in Starbucks’ mobile app paved the way for a new kind of fraud, putting users on the back foot about using mobile payments at all. How did it happen? How did vulnerabilities in Starbucks’ mobile app lead to fraud? Advances in technology are not only improving what a user can do but …

Unintended Data Leakage through Mobile Apps – OWASP Top 10

Unintended data leakage commonly occurs when a mobile app developer leaves sensitive data accessible to other apps on the device. Typically, an app that processes sensitive data received as input from the device user ends up placing it in an insecure location on the device. This location is obviously accessible …

Server Side Vulnerability – Android App Security

While developing an Android app, the developer's main concern is the functionality and user interface of the app. Most developers fail to consider the possible vulnerabilities in the app. There are basically two types of attacks on an Android application: client-side attacks and server-side attacks. Client-side attacks are performed on the mobile …

Insecure Data Storage in Android Apps – OWASP Top 10

Android provides various options for data storage, depending on the type of data to be stored: data can be kept as databases, files, or preferences, in internal or removable storage. When the development team assumes that users or malware will not access the sensitive information stored in …
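As an added example (not code from this post or the "Unintended Data Leakage" post above), the following Java class puts the insecure pattern both excerpts describe beside a hardened version: a session token written to shared external storage, where other apps can read it, versus the same token kept in app-private internal storage and encrypted at rest with a key held in the Android Keystore. The class name, file name, preference name and key name are assumptions, and the hardened path assumes the androidx.security:security-crypto artifact (version 1.1.0 or later) is on the classpath.

```java
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Environment;
import androidx.security.crypto.EncryptedSharedPreferences;
import androidx.security.crypto.MasterKey;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;

/**
 * Added example, not from the original posts. Names below are assumptions:
 * "token.txt", "session_prefs" and "session_token" stand in for whatever the
 * real app would use.
 */
public final class TokenStore {
    private static final String EXTERNAL_FILE = "token.txt";   // assumed name
    private static final String PREFS_NAME = "session_prefs";  // assumed name
    private static final String KEY_TOKEN = "session_token";   // assumed key

    private TokenStore() {}

    /**
     * INSECURE: writes the token in clear text to shared external storage.
     * On older Android versions any app holding READ_EXTERNAL_STORAGE can read
     * it, it is trivially pulled over adb, and it survives uninstall of the app.
     */
    public static void saveTokenInsecure(String token) throws IOException {
        File f = new File(Environment.getExternalStorageDirectory(), EXTERNAL_FILE);
        try (FileOutputStream out = new FileOutputStream(f)) {
            out.write(token.getBytes(StandardCharsets.UTF_8));
        }
    }

    /**
     * SECURE: app-private internal storage (the default for SharedPreferences,
     * equivalent to Context.MODE_PRIVATE) plus encryption of both keys and values
     * with a Keystore-backed master key. Reading the XML file from a backup or a
     * rooted device yields only ciphertext.
     */
    public static void saveTokenSecure(Context ctx, String token)
            throws GeneralSecurityException, IOException {
        openEncryptedPrefs(ctx).edit().putString(KEY_TOKEN, token).apply();
    }

    /** Returns the stored token, or null if none has been saved. */
    public static String loadTokenSecure(Context ctx)
            throws GeneralSecurityException, IOException {
        return openEncryptedPrefs(ctx).getString(KEY_TOKEN, null);
    }

    /** Removes the token, e.g. on logout, so it does not linger on disk. */
    public static void clearTokenSecure(Context ctx)
            throws GeneralSecurityException, IOException {
        openEncryptedPrefs(ctx).edit().remove(KEY_TOKEN).apply();
    }

    private static SharedPreferences openEncryptedPrefs(Context ctx)
            throws GeneralSecurityException, IOException {
        // AES-256-GCM master key generated in, and never exported from, the Keystore.
        MasterKey masterKey = new MasterKey.Builder(ctx)
                .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
                .build();
        return EncryptedSharedPreferences.create(
                ctx,
                PREFS_NAME,
                masterKey,
                EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
                EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM);
    }
}
```

To check which of the two an installed app is doing, look at the device rather than the source: `adb shell ls -l /sdcard/token.txt` (assumed path) will show the clear-text file for the insecure variant, while `adb shell run-as com.example.app cat shared_prefs/session_prefs.xml` (assumed package and file) shows only base64 ciphertext for the hardened one. Two caveats a reviewer should still raise: the old `MODE_WORLD_READABLE` and `MODE_WORLD_WRITEABLE` flags make even internal files readable by other apps and throw a `SecurityException` on Android 7.0 and later, and app-private files are included in `adb backup` unless the manifest sets `android:allowBackup="false"`, so private storage alone is not a complete answer for secrets.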