Web- and cloud-based applications are being developed at a breakneck pace as technology advances more quickly than ever before. Companies that aren’t first to market often are left behind, but putting speed above security has led to a serious consequence: Many applications are fundamentally flawed, making it possible for hackers to steal critical data, hijack user inputs, or deny service entirely.
According to a study done in 2015, about 85% of popular free Android apps and 45% of the same free Apple iOS apps were found to have been hacked.
Better security isn’t impossible. In the SlideShare below by Column Information Security, you will learn the top security threats found in said applications and how to counter them.
Here is a look at three of the threats:
2. The following slides present an application security checklist — a look at how your company can counter the impact of seven top application security threats.
6. Threat No. 3 | SQL Injection
Many apps now include “username” and “password” fields that use structured query language (SQL) to make a database request, typically using the “SELECT” query. But many apps don’t block the use of other SQL commands in these fields, making it possible for hackers to exploit common access points to gain total database control. This is especially problematic thanks to the rise of automated tools that can spam apps with SQL requests to see what works. At least one estimate says 60 percent of all web apps are vulnerable to SQL injection.
10. Threat No. 6 | Hijacking Sessions
To ensure users enjoy an optimal app experience, many developers build in a session ID, a unique identifier for individual application sessions. A new ID is generated for each subsequent visit so data from a previous session can’t be used to corrupt a current connection. The problem is that hackers able to intrude on a session in progress may also be able to hijack session IDs (often stored in “cookies”) and take user-end control. There may be no foolproof way to prevent this. It’s recommended that you do not turn off “cookies,” since this lowers overall security. Ideally, you want session IDs that are randomly generated and encrypted to be paired with an application that’s able to detect hacking attempts.