Mobile Application Security: Overview Of Practices To Plug Vulnerabilities – 3


Mobile applications communicate with their backend servers over a network. This communication involves verifying identity, sending messages, and accepting or rejecting connection requests. Each of these aspects needs to be configured carefully to ensure that no security loophole exists. A few such potential vulnerabilities are described below.


Certificate Pinning

Mobile apps and their servers communicate with each other, and it is vital to verify identity at the beginning of that communication. Certificates are used for this purpose. However, if an app does not have a copy of the certificate, it may be deceived by an impersonator, breaching its security.


Risks of Not Setting Secure Flag Attribute in Cookies

The server configures cookies on the client side, so the server decides which types of connection apps can communicate over. If apps are allowed to communicate over non-secured connections, the data in their messages could be obtained and misused by an attacker.


Setting Cookie Path Attribute

The ‘Path’ attribute in a cookie determines the requests that the application would respond to. It is recommended to set the path to the bottom-most folder of the server’s folder structure, where the app’s functionality lies.


SSL and TLS Protocol Based Vulnerabilities

SSL and TLS protocols are used for securing communication. Older versions of these protocols have a few vulnerabilities. If an application supports those versions, an attacker may force the app to use them and obtain the information in transit.


Unsafe HTTP Methods

HTTP methods are used for communication by mobile apps and their backend servers. These methods are not entirely safe, though. So, it is advisable to disable all the HTTP methods that are not useful, thereby keeping the potential vulnerabilities to a minimum.


Using Raw SQL Queries

Raw SQL queries allow users to specify query parameters. This is a potential loophole, as a user with malicious intent can inject malware by defining an additional parameter. That is why parameterized queries, which do not allow users to define parameters, should be used.

