HP Study: Nine-Tenths of Mobile Applications Vulnerable to Attacks
New York - HP today announced results from a study revealing that mobile applications represent a real security threat, with security vulnerabilities affecting nine in 10 mobile applications in a representative sample published by Forbes Global 2000 enterprises.
According to this study, 97% of the mobile applications tested access at least one private information source, and 86% of these applications do not have sufficient security measures to protect against the most common attacks.
As computing has become borderless, adversaries are increasingly bypassing perimeter security with ease and taking advantage of any loophole in a growing number of applications and entry points. According to Gartner, mobile application stores will see annual downloads reach 102 billion in 2013, up from 64 billion in 2012 (1). Demands on business managers are rising significantly as they deploy mobile applications faster and hand more development to third parties. This leads to less security oversight and underscores the need for a mobile security policy, so that enterprises can move from "fast to market" to "safe, fast to market."
"While mobile devices are becoming more and more important for carrying out operations, they have also become the main target of attack, and vulnerable applications provide access to sensitive data," said Mike Armistead, vice president and general manager, Enterprise Security Products, Fortify, HP. "Mobile applications are now the first line against the enemy, and organizations must be able to assess, assure and protect these applications to prevent damage from vulnerabilities."
Sensitive company data and personal information often sit side by side on unsecured devices. This introduces unnecessary vulnerabilities that are easy to resolve once they are found. HP's study, in which HP Fortify on Demand scanned more than 2,100 mobile applications from more than 600 companies, reveals a more shocking reality about exposure to attack.
The most common and most easily addressed vulnerabilities in the report include:
Privacy issues: of the 2,107 mobile applications scanned, 97% access private data sources, including personal address books, social media pages, and connectivity options such as Bluetooth or Wi-Fi. Of these applications, 86% do not have sufficient security measures to protect them from the most common vulnerabilities, such as misuse of unencrypted data, cross-site scripting and insecure data transmission.
Lack of binary protection: 86% of the applications tested lack binary hardening, leaving them vulnerable to information disclosure, buffer overruns and poor performance. To ensure security throughout the application life cycle, applications must be built on security best practices from conception.
Insecure data storage: 75% of applications do not use the correct encryption technology when storing data on mobile devices, leaving unencrypted data accessible to an attacker. This data includes passwords, personal information, session tokens, documents, chat logs and photos. Unencrypted data that a malicious attacker views and uses can lead to repeated violations of corporate governance policies and damage the enterprise's reputation, for example if sensitive trade secrets are disclosed to competitors or the media, along with other negative consequences.
Transport security: 18% of the applications tested send user names and passwords over HTTP. Of the remaining 82%, 18% have a correct implementation of SSL/HTTPS. These unprotected credentials are often used not only in the mobile applications but also in their web application counterparts. This compounds the problem, because a malicious attacker on the same network can then sniff the data.
Laying the foundation of a basic security policy for mobile applications allows organizations to identify vulnerabilities before they can be exploited. Almost all of the vulnerabilities can be found and fixed simply by running a mobile application security assessment before release. Such testing looks for the most common vulnerabilities and assesses whether data is being transmitted or stored in a malicious or unsafe way. HP Fortify on Demand enables enterprises to assess the vulnerability of mobile applications as a whole, ensure that security vulnerabilities are addressed before deployment, and protect applications from attack once they are in production.
"Software development is not a perfect science, but it is necessary that we have a powerful security assurance process in place to protect the members of our credit union," said wadeatuer, senior vice president and chief information officer, Affinity Credit Union. "With emerging technologies such as mobile applications, where things are changing very quickly, the independent experience and oversight that HP Fortify provides makes the whole process more secure."