“It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it.”

― Stéphane Nappo, Cyber Security Consultant

Truly said.

Recently, IBM published research showing that attackers can misuse Apple’s Siri Shortcuts for malicious ends. If these shortcuts are not configured properly, they can send a user’s details to an attacker, including photos, videos, IP addresses and more.

According to CIO Magazine, one-third of all iOS enterprise applications are vulnerable to attackers. The situation is even worse for Android. In the world of mobile apps, cybersecurity threats are now evolving even faster alongside emerging technologies like IoT, widening the cyber security skills gap further.

With multiple operating systems and a distributed set of components, enterprise application security has remained one of the hardest puzzles to solve over the last decade. Some common mobile security exploits affecting enterprise applications are:

Malware applications on a user’s device exploiting other mobile applications

Botnet attacks to extract user information and keystrokes

Vulnerabilities in servers, integrated browser, and third-party libraries

Weak authentication and authorization

Hard-coded credentials and deployment in debugging mode

Injection flaws, such as SQL injection, LDAP injection, and CRLF injection

Security Misconfiguration

Insecure deserialization flaws

Cross-Site Scripting (XSS)

Sensitive Data Exposure

Last year, Air Canada was the victim of a mobile application data breach that affected 20,000 users. In that case, attackers gained access to all personal information, including passport numbers, insurance details and more. Fortunately, the company was able to protect customers’ credit card details.

That is just one example.

The graphic below shows the number of data breaches and exposed records in the United States since 2005.

Implementing application security starts right from planning, and then depends on how faithfully the security guidelines are followed throughout the software development life cycle.

So, what are the security considerations for mobile applications?

We created this exhaustive mobile application security checklist, which you can use to reduce the number of vulnerabilities present in your application:

#1 Evaluate Open Source Codes or Third Party Libraries

Open source is changing our world, speeding up development and deployment. In certain cases, we have seen enterprise applications made up of as much as 90% open source code, which is both good and bad at the same time.

While rapid software development encourages the use of open source code, most developers incorporating third-party code do not log that fact anywhere. Once integrated into millions of lines of code, this third-party code often goes unnoticed and untested for security.

Last year, because of third-party code, more than 1400 vulnerabilities were introduced into ColdFusion’s Pyxis supply station. Most of these vulnerabilities allowed attackers to exploit the system remotely.

We insist on a security policy under which any third-party or open source code being added must go through exhaustive security testing, to ensure that deploying this code in the production environment will not make the application vulnerable.

One should also stay up to date with the CVE dictionary to keep track of publicly known security vulnerabilities in open source tools.
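The policy above implies two mechanical steps: record every third-party component the app pulls in, and compare each pinned version against an advisory feed. The script below is an added illustration of those steps, not code from the original post; the Gradle dependency block, the library coordinates and the advisory entries are all constructed for the example (a real check would read the project's actual build file and a live CVE feed).

```python
import re

# Constructed sample of an Android app's Gradle dependency block (not from the page).
SAMPLE_GRADLE = """
dependencies {
    implementation 'com.example.netlib:netlib:1.4.2'
    implementation "com.example.json:fastjson:2.10.0"
    implementation 'com.example.ui:widgets:3.+'
    testImplementation 'junit:junit:4.12'
}
"""

# Constructed advisory feed: (group:artifact, first fixed version, advisory id placeholder).
ADVISORIES = [
    ("com.example.netlib:netlib", "1.5.0", "ADVISORY-ID-PLACEHOLDER-1"),
    ("com.example.json:fastjson", "2.9.0", "ADVISORY-ID-PLACEHOLDER-2"),
]

# Matches declarations such as:  implementation 'group:artifact:version'
DEP_RE = re.compile(r"""(\w+)\s+['"]([^:'"]+):([^:'"]+):([^'"]+)['"]""")


def parse_version(version):
    """Turn '2.10.0' into (2, 10, 0) so versions compare numerically, not lexically."""
    return tuple(int(p) if p.isdigit() else 0 for p in re.split(r"[.\-]", version))


def inventory(gradle_text):
    """Record every declared dependency as (configuration, group:artifact, version)."""
    return [(m.group(1), f"{m.group(2)}:{m.group(3)}", m.group(4))
            for m in DEP_RE.finditer(gradle_text)]


def unpinned(deps):
    """Dynamic versions such as '3.+' cannot be matched against advisories reproducibly."""
    return [coord for _, coord, ver in deps if "+" in ver]


def find_vulnerable(deps, advisories):
    """Flag dependencies whose pinned version is older than the advisory's first fixed version."""
    hits = []
    for _, coord, ver in deps:
        if "+" in ver:
            continue  # reported separately by unpinned()
        for adv_coord, fixed, adv_id in advisories:
            if coord == adv_coord and parse_version(ver) < parse_version(fixed):
                hits.append((coord, ver, fixed, adv_id))
    return hits


if __name__ == "__main__":
    deps = inventory(SAMPLE_GRADLE)
    for hit in find_vulnerable(deps, ADVISORIES):
        print("VULNERABLE: %s %s (fixed in %s, %s)" % hit)
    for coord in unpinned(deps):
        print("UNPINNED: %s" % coord)
```

Note that fastjson 2.10.0 is correctly treated as newer than the fixed version 2.9.0; a plain string comparison would have flagged it as vulnerable.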