Application security. Why should you care?


 
Nowadays you may notice that so-called “cyber attacks” have become as dangerous as “real life” crimes. You can name dozens of big brands that have become hackers’ victims in the past years – Valve, Sony, Microsoft (some might also recall Ashley Madison). These cyber attacks were not that big – all those leak issues were resolved with a simple password change. But there is always something bigger, right? More than 1 billion dollars was stolen via the Internet in 2015, and that’s… Well, that’s plenty!

Hackers are always in search of new methods of breaking various security walls, while security specialists are always in search of new methods to improve their defence – it’s a vicious circle.

Banking, e-commerce, social networking – all of these industries are really vulnerable, especially when we are talking about their cyber security. Companies spend millions of dollars to fix their security “holes”, because the possible loss from cyber attacks can be much greater than the cost of security improvements.

Unfortunately, nowadays a cyber attack is more than just a scary word (especially if your business is located in a developed country). Learn more about the most “popular” threats with our infographic:

Common threats

Number one in 4 out of 6 countries – that’s pretty impressive for a “virtual threat”. So, if your project requires high-level security and user data safety, it’s time to ask yourself a question: how can you provide this level of security? Let’s find out!

 

Application’s security. How to achieve it?

 

We’ve said it many times, and we are going to say it once more: a product’s security (as well as its success) depends on cooperation between the client and the development team. There are some major points that should be considered before starting web or mobile application development:

 

  • Technology stack. The development team must know pretty much everything about the technologies they are working with. This implies knowing both the advantages and the vulnerabilities of each technology. If you use an SQL server for your product, an inexperienced developer can leave many security holes for hackers to break in through. Take SQL injection, for example: all your server data can be modified or even deleted in the blink of an eye. Understanding your technology means that you understand all the possible consequences of using different solutions.
  • Ready-to-use libraries / frameworks. These help to solve two problems simultaneously – your development team doesn’t have to develop some modules from scratch, and you’ll be able to cut your development expenses (if you are going to use free open source libraries / frameworks). There are plenty of free modern solutions (for instance, Spring Security) that ensure a high level of security.
  • Experienced development team. The words “cheap” and “good quality” are quite incompatible. The same goes for “cheap” and “secure”. The point is quite obvious, but it’s a common situation when a company tries to cut expenses on the most basic things. Besides good programming skills, your development team should have a basic understanding of your industry and your goals.
  • Good project specification. Of course, it depends on the client, but the development team can advise them. An application can be impenetrable to external threats and still be really vulnerable to internal threats. Any secure mobile or web application should have thought-out logic. For example, the app should have specified access levels for different users, a list of possible actions for each level, etc.
  • Right choice of the project’s programming language. Yep, that’s important too. Different languages imply different approaches to the project’s architecture, team creation, time planning, etc. Two of the most popular programming languages for web projects are Java and PHP. If you want to learn more about which language to choose for your web application, you can read our “Java vs PHP comparison” post.
  • QA. You can’t skip application security when we are talking about quality assurance. The higher the threat level is, the more tests you have to go through with your web or mobile app. If your project is big enough, you should consider using both manual and automated testing.
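
The SQL injection risk from the technology stack point and the per-level action list from the project specification point, shown together as an added example that is not code from the original post. The table, the role names and the function names are assumptions made for illustration, and the rows and the crafted input are constructed sample data.

```python
import sqlite3

# Constructed access levels (an assumption): the actions each level may perform.
PERMISSIONS = {
    "viewer": {"read"},
    "editor": {"read", "update"},
    "admin": {"read", "update", "delete"},
}

def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT PRIMARY KEY, balance INTEGER)")
    db.executemany(
        "INSERT INTO accounts (owner, balance) VALUES (?, ?)",
        [("alice", 100), ("bob", 250), ("carol", 75)],
    )
    return db

def find_unsafe(db, owner):
    """Vulnerable form: user input is pasted into the SQL text itself."""
    query = f"SELECT owner, balance FROM accounts WHERE owner = '{owner}'"
    return db.execute(query).fetchall()

def find_safe(db, owner):
    """Hardened form: input is bound as a parameter and is never parsed as SQL."""
    query = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return db.execute(query, (owner,)).fetchall()

def delete_account(db, role, owner):
    """Check the caller's access level before running a destructive action."""
    if "delete" not in PERMISSIONS.get(role, set()):
        raise PermissionError(f"role {role!r} may not delete accounts")
    cur = db.execute("DELETE FROM accounts WHERE owner = ?", (owner,))
    return cur.rowcount

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input that contains SQL syntax
    print("unsafe:", find_unsafe(db, crafted))  # filter is bypassed
    print("safe:  ", find_safe(db, crafted))    # treated as a literal name
    try:
        delete_account(db, "viewer", "bob")
    except PermissionError as err:
        print("denied:", err)
    print("deleted rows:", delete_account(db, "admin", "bob"))
```
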

 

Of course, not every mobile or web application out there needs a security level that high. Sometimes additional security adds only new expenses and nothing useful, for instance if your app does not contain any private data. Or maybe your app is an offline application? Basic principles of safe programming should do the trick.

Here at Smartum we take mobile and web security questions seriously. If you need a secure mobile or web application, contact us! We are always ready to help you with your ideas!
