Mobile Application Security: Overview Of Practices To Plug Vulnerabilities
Mobile applications communicate with their backend servers for a variety of reasons: authentication, data transfer, and acknowledgements. Because these exchanges travel over untrusted networks, several aspects of the server side need to be reviewed from a security perspective. A list of such issues is given below.
Server Header Disclosure
An HTTP response has two parts: the headers and the body. The headers describe the server and the enclosed data. Headers such as Server or X-Powered-By can reveal the product and exact version running the backend, which lets an attacker look up known vulnerabilities for that release instead of guessing. These headers should be suppressed or reduced to a generic value.
HTTP Strict Transport Security
A server can tell clients that it must only be reached over HTTPS by sending the Strict-Transport-Security response header; a client that honours it refuses to fall back to plain HTTP for the stated max-age. Allowing a mobile app to exchange messages over an insecure link exposes credentials and data to interception and tampering. Note that HSTS is enforced by browsers and WebViews, and not every native HTTP library implements it, so the app itself should also refuse cleartext connections (Android's Network Security Config and iOS App Transport Security provide this).
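The two header checks described above, as an added example that is not part of the original article: a small parser for a raw HTTP response, a check for headers that fingerprint the server software, and a check that a Strict-Transport-Security policy is present and strong enough. The sample responses and the header list are constructed for the example; the 15552000-second (six-month) minimum is an assumed threshold.

```python
"""Check HTTP response headers for server fingerprinting and a weak HSTS policy.

Added example; the sample responses below are constructed, not captured from a real server.
"""
import re

# Header names that commonly carry a product name or version (constructed list; extend for your stack).
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version", "x-generator")

# Assumed minimum max-age for a meaningful HSTS policy: six months.
MIN_HSTS_MAX_AGE = 15_552_000

VERSION_RE = re.compile(r"\d+(\.\d+)+")

# Constructed responses: one typical of a default install, one with the headers fixed.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Content-Type: application/json\r\n"
    "\r\n"
    '{"status":"ok"}'
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Content-Type: application/json\r\n"
    "\r\n"
    '{"status":"ok"}'
)


def parse_headers(raw):
    """Return the headers of a raw HTTP/1.1 response as a dict keyed by lower-cased name."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def disclosed_software(headers):
    """Return (header, value, severity) for each header that names the server software.

    severity is 'version' when the value carries a version number, else 'product'.
    """
    findings = []
    for name in DISCLOSURE_HEADERS:
        value = headers.get(name)
        if value:
            severity = "version" if VERSION_RE.search(value) else "product"
            findings.append((name, value, severity))
    return findings


def hsts_findings(headers):
    """Return a list of problems with the Strict-Transport-Security policy (empty means acceptable)."""
    value = headers.get("strict-transport-security")
    if value is None:
        return ["missing Strict-Transport-Security header"]
    directives = {}
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        directives[key.strip().lower()] = val.strip().strip('"')
    problems = []
    max_age = directives.get("max-age")
    if max_age is None or not max_age.isdigit():
        problems.append("max-age directive missing or not numeric")
    elif int(max_age) < MIN_HSTS_MAX_AGE:
        # max-age=0 is the special case that tells clients to forget the policy entirely.
        problems.append(f"max-age={max_age} is shorter than {MIN_HSTS_MAX_AGE} seconds")
    if "includesubdomains" not in directives:
        problems.append("includeSubDomains not set; subdomains may still be reached over plain HTTP")
    return problems


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        headers = parse_headers(raw)
        print(label, "disclosure:", disclosed_software(headers))
        print(label, "hsts:", hsts_findings(headers))
```

Run it against a captured response from your own backend; on the "weak" sample it reports the Apache and PHP versions and the absent HSTS header, and on the "hardened" sample it reports nothing. The includeSubDomains check matters for mobile backends because API hosts are frequently subdomains of a web property.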
Improper Error Handling
Servers return error messages when an operation fails. Ensure these messages do not reveal file-system paths, database or table names, SQL fragments, or other internal detail. Return a generic message to the client and keep the detail in server-side logs, where it is still available for troubleshooting.
Displaying Stack Traces in Error Messages
Error messages that include a stack trace disclose internal functionality: class and method names, source file paths, framework versions, and the sequence of calls that led to the failure. This information lets an attacker map the application and target known weaknesses in the components it names, and from there breach the application to steal data, delete accounts, or read confidential information. Disable debug output in production builds and record traces only on the server.
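The two error-handling points above (leaking database detail, and leaking stack traces), as an added example that is not from the original article: a request handler that returns the exception text and traceback to the client, beside one that logs the traceback server-side under an incident id and returns only a generic message. The profile lookup, the empty in-memory SQLite database that makes it fail, and the handler names are constructed for the example.

```python
"""Error handling in an API endpoint: leaking a stack trace versus keeping the detail server-side.

Added example, not code from the original page. The 'users' lookup and the in-memory
SQLite database are constructed so that the handler fails with a realistic database error.
"""
from __future__ import annotations

import logging
import sqlite3
import traceback
import uuid

log = logging.getLogger("api")
logging.basicConfig(level=logging.ERROR)


def load_profile(user_id: int) -> dict:
    """Business logic that fails because the schema is not what the code expects.

    Constructed: the database is empty, so SQLite raises OperationalError 'no such table: users'.
    """
    conn = sqlite3.connect(":memory:")
    row = conn.execute("SELECT name, email FROM users WHERE id = ?", (user_id,)).fetchone()
    return {"name": row[0], "email": row[1]}


def handle_vulnerable(user_id: int) -> tuple[int, dict]:
    """Debug-style handler: the client receives the exception text and the full traceback.

    The body names the missing table, the failing function, and server-side file paths.
    """
    try:
        return 200, load_profile(user_id)
    except Exception as exc:  # noqa: BLE001 - deliberately broad, to show what leaks
        return 500, {"error": str(exc), "trace": traceback.format_exc()}


def handle_hardened(user_id: int) -> tuple[int, dict]:
    """Production handler: the traceback goes to the server log under an incident id.

    The client sees only a generic message plus the id it can quote to support, which is
    enough to correlate the report with the log entry without revealing internals.
    """
    try:
        return 200, load_profile(user_id)
    except Exception:  # noqa: BLE001 - last-resort handler at the edge of the service
        incident_id = uuid.uuid4().hex
        log.error("incident %s while loading profile %s\n%s", incident_id, user_id, traceback.format_exc())
        return 500, {"error": "internal error", "incident_id": incident_id}


if __name__ == "__main__":
    print("vulnerable:", handle_vulnerable(42))
    print("hardened:", handle_hardened(42))
```

The vulnerable response tells a caller which table the code expects and which function ran the query; the hardened response tells them nothing except that a failure happened and how to refer to it. Frameworks usually have a single switch for this behaviour (a debug or development mode); the check is that it is off in the build the app actually talks to.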