
7 characteristics of a secure mobile app

Dan Kuykendall | Sept. 25, 2013
Keeping a mobile application secure is tough, but not impossible, and certain aspects of session management can go a long way.

7. Don't allow modified requests.
Rather than replaying a request verbatim, an attacker may modify it in transit: for example, changing the destination account of a money transfer while leaving everything else intact. This is prevented by authenticating the request with a secret the attacker does not hold: either a shared secret, used with an HMAC, or a cryptographic keypair, used with a digital signature. The client computes an HMAC over the request (method, path, body, and the timestamp and nonce it carries) and sends the result along with the request; the server recomputes the HMAC over what it actually received and rejects the request if the two values do not match (compared in constant time). Only the fields covered by the HMAC are protected, so the string being authenticated must include every part of the request that matters.

In order to build robust mobile applications, developers must check each measure off this list. Any single one left unaddressed leaves an application open to attack or abuse. It is also easy to see how they work together: by distrusting the client (no. 1) and assuming that an attacker is eavesdropping on communications (no. 2), the developer will want to limit the amount of time an attacker has to attack the application (no. 3). A secret key (no. 4) can be used to sign the content (no. 7), including the time stamp (no. 5) and the nonce (no. 6), to ensure that none of those three data points can be modified or reused.
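The following Python is an added example illustrating how the pieces in no. 4 through no. 7 fit together; it is not code from the original article. It signs a request with an HMAC-SHA256 over a canonical string that covers the method, path, a hash of the body, the timestamp and the nonce, and the server side checks the timestamp window, the HMAC (in constant time) and the nonce replay cache in that order. The header names, the shared secret and the 300-second skew window are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets
import time

# Assumed shared secret for the example only. In a real app this is provisioned
# per device or per session and never hard-coded into the client binary.
SHARED_SECRET = b"example-shared-secret-do-not-use"

# Assumed maximum clock skew between client and server (no. 3 / no. 5).
MAX_SKEW_SECONDS = 300


def canonical_request(method, path, body, timestamp, nonce):
    """Build the exact bytes both sides MAC over.

    Field order and encoding must be fixed and unambiguous. Hashing the body
    instead of embedding it raw avoids delimiter confusion between fields.
    """
    body_hash = hashlib.sha256(body).hexdigest()
    fields = [method.upper(), path, body_hash, str(int(timestamp)), nonce]
    return "\n".join(fields).encode("utf-8")


def sign_request(secret, method, path, body, timestamp=None, nonce=None):
    """Client side: attach timestamp, nonce and HMAC headers to a request."""
    if timestamp is None:
        timestamp = int(time.time())
    if nonce is None:
        nonce = secrets.token_hex(16)  # 128 bits of randomness per request
    msg = canonical_request(method, path, body, timestamp, nonce)
    mac = hmac.new(secret, msg, hashlib.sha256).hexdigest()
    return {"X-Timestamp": str(int(timestamp)), "X-Nonce": nonce, "X-Signature": mac}


class RequestVerifier:
    """Server side: reject modified, stale and replayed requests."""

    def __init__(self, secret, max_skew=MAX_SKEW_SECONDS, clock=time.time):
        self.secret = secret
        self.max_skew = max_skew
        self.clock = clock  # injectable so the window can be tested deterministically
        self.seen_nonces = {}  # nonce -> timestamp it was accepted with

    def _evict_expired(self, now):
        # A nonce older than the skew window can never validate again, so it
        # can be forgotten; this keeps the replay cache bounded.
        stale = [n for n, ts in self.seen_nonces.items() if now - ts > self.max_skew]
        for n in stale:
            del self.seen_nonces[n]

    def verify(self, method, path, body, headers):
        try:
            ts = int(headers["X-Timestamp"])
            nonce = headers["X-Nonce"]
            sig = headers["X-Signature"]
        except (KeyError, ValueError):
            return False, "missing or malformed auth headers"

        now = int(self.clock())
        if abs(now - ts) > self.max_skew:
            return False, "timestamp outside window"

        expected = hmac.new(
            self.secret, canonical_request(method, path, body, ts, nonce), hashlib.sha256
        ).hexdigest()
        # Constant-time comparison: a plain == leaks how many leading bytes matched.
        if not hmac.compare_digest(expected, sig):
            return False, "bad signature"

        # Only consume the nonce after the MAC checks out, otherwise an attacker
        # with no secret could burn nonces and block legitimate requests.
        self._evict_expired(now)
        if nonce in self.seen_nonces:
            return False, "replayed nonce"
        self.seen_nonces[nonce] = ts
        return True, "ok"


if __name__ == "__main__":
    # Constructed sample: a transfer request, then a tampered and a replayed copy.
    body = b'{"to":"acct-42","amount":100}'
    headers = sign_request(SHARED_SECRET, "POST", "/transfer", body)
    verifier = RequestVerifier(SHARED_SECRET)
    print("original:", verifier.verify("POST", "/transfer", body, headers))
    tampered = b'{"to":"acct-666","amount":100}'
    print("modified:", verifier.verify("POST", "/transfer", tampered, headers))
    print("replayed:", verifier.verify("POST", "/transfer", body, headers))
```

The order of checks matters: the cheap timestamp check comes first, the HMAC check before the nonce is recorded, and the nonce cache is pruned to the skew window so it cannot grow without bound. Swapping to a keypair means replacing the `hmac.new` calls with a signature over the same canonical bytes; the canonicalisation, window and replay cache stay the same.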
