Software Integrity Blog

Archive for the 'Mobile App Security' Category

 

[Webinar] Mobile application hardening for business-critical apps

Mobile apps often protect themselves via internally developed controls and commercial products. Learn about how some controls work and how to sidestep them.

Posted in Mobile App Security, Webinars

Mobile apps: Insecure by default

There’s a lack of robust mobile app security on billions of devices people carry around. Why is it such a problem, and what can developers do to solve it?

Posted in Mobile App Security

What happens when your CISO has one of those days?

A CISO having a bad day finds out the hard way that cutting corners on software security testing might end up costing him more than he saved.

Posted in Mobile App Security, Web Application Security

Top 10 software vulnerability list for 2019

The software flaws and weaknesses on our top 10 software vulnerability list for 2019 are easy to find and fix with the right application security guidance.

Posted in Mobile App Security, Web Application Security

Fixing the CVE program, your personal data checking out and taking flight

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Fixing the CVE program, your personal data has already “checked out,” and it even “may potentially” have taken flight. Watch this week’s episode below to see why these stories are trending or read the transcript below.

Posted in Data Breach Security, Mobile App Security

Golden Cup app was a world cup of trouble

The Golden Cup app on Android targeted World Cup fans with a spyware campaign dating back to January aimed at members of the Israeli Defense Force (IDF).

Posted in Mobile App Security

Are Android OEMs responsible for the gap in mobile security updates?

Google started releasing monthly security updates for Android back in August 2015. Modern Android devices show you the latest monthly patch level that has been applied. The responsibility for deploying the patches ultimately falls on original equipment manufacturers (OEMs) and carriers, who need to test the security updates on their devices to ensure that they do not break any functionality. Google does provide updates for its Nexus and Pixel devices directly to end users, but given how Android is designed, Google cannot simply push out arbitrary security updates to all Android devices. Do OEMs have to push out updates? The problem is that OEMs and carriers are responsible not only for pushing out the updates but also for displaying the latest month for which Google’s monthly updates have been applied to a device. There may be legitimate reasons why an OEM or carrier may choose not to push out a security update for a particular type of device. For example:

Posted in Mobile App Security

Survey: Mobile and web apps are top security challenge

A Synopsys survey reveals that the security of customer-facing web and mobile apps is the top security challenge for IT professionals in Asia.

Posted in Mobile App Security, Web Application Security

iPhone X Face ID: Evaluating the security of biometric systems

Several frameworks have been proposed to evaluate the security of biometric systems. Popular ones include the simpler Ratha’s framework [1] and the enhanced Bartlow and Cukic framework [2].

Posted in Mobile App Security

How secure is iPhone X Face ID facial recognition?

Written in coordination with Grant Douglas

Posted in Mobile App Security, Software Architecture & Design