When it comes to building secure mobile applications, errors most often occur in session management. By themselves, these mistakes do not present a significant risk, but the more mistakes made, the more vulnerable the application. And therein lies the problem: I often find several of these errors in any given app.
In my upcoming talk at OWASP AppSecUSA 2013, I will detail one example of a vulnerable mobile app, in this case, a popular fantasy football application that when hacked, allowed individuals to change team line-ups and post imposter comments. Users who have not updated their mobile app to the most recent version are at risk of having their line-ups manipulated by other league managers or troublemaking hackers. Of course, this was fun for me, but also enlightening. My ongoing research continues to unearth patterns in session management vulnerabilities.
In the meantime, here is a checklist based on common mistakes that developers and security professionals can use to ensure proper session management of their mobile applications.
SOURCE: csoonline.com
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…