Arxan Reveals New Mobile App Attacks Requiring A Paradigm Shift Away From Traditional App Security to Mobile App Security
Arxan Helps Expand OWASP Knowledge on App Integrity Attacks and Proactive Defenses at 2013 AppSec USA Conference
New York, NY, November 19, 2013 – Arxan Technologies,the industry-leading provider of software security solutions that protect the App Economy, today published new in-depth research that reveals prevalent mobile app integrity and reverse engineering risks. Arxan will be presenting their findings during the OWASP AppSec USA conference, November 18-21 in New York City.
As industries increasingly shift to mobile first application innovation and employees leverage mobile devices for productivity gains, vulnerabilities at the mobile application layer are a top concern for IT decision makers. The application security industry has traditionally focused on identifying and preventing programming flaws that attackers can exploit remotely. While appropriate for centralized web environments, a focus on programming flaws is not sufficient for the new threat landscape in mobile apps. Unlike in the web, mobile app binaries are running in distributed environments and can be directly accessed and compromised by attackers. This presents a range of new reverse engineering, code analysis, code modification, and injection threats that call for an evolution in the application security paradigm towards proactive defenses embedded inside mobile apps. Without a deliberate understanding of integrity and reverse engineering risks and required mitigations, application providers may be subject to a range of business risks such as fraud, data theft, intellectual property theft, revenue loss and piracy, and ultimately brand compromise.
Arxan, as an OWASP corporate member and conference sponsor, is expanding its role as a key contributor to the OWASP Mobile Security Project and OWASP Defenders Community. Arxan is actively contributing its knowledge gained from helping a diverse enterprise and ISV customer base to protect more than 250 million apps to the wider OWASP community. In addition to helping the OWASP community better understand and analyze the new risk landscape prevalent with mobile apps, Arxan is contributing to OWASP’s research based initiatives such as the Mobile Top Ten, Mobile Threat Model, and Cheat Sheets for Mobile Security Testers and Developers as well as sharing its knowledge on proactive defense principles and anti-tamper and anti-reverse-engineering techniques with OWASP Defenders Community.
Arxan’s new technical research paper “Threats to Mobile Apps in the Wild – A Review of the Risks to the Integrity and Confidentiality of Mobile Apps from Binary-Level Attacks” is now available for public download at http://arxan.co.jp/resources/white-papers/.
The paper describes prevalent attack risks and recommended mitigation defenses in the following categories:
Code Modification or Code Injection Risks such as:
Repackaging, Swizzle with Behavioral Change, Security Control Bypass, Automated Jailbreak/Root-Detection Breaking, Presentation Layer Modification, Cryptographic Key Replacement.
Reverse Engineering and Code Analysis Risks such as:
Exposed Method Signatures, API Monitoring, Exposed Data Symbols, Exposed String Table, Cryptographic Key Interception, Algorithm Decompilation and Analysis, and Application Decryption.
Business Risks such as:
Brand and Trust Damage, User Experience Damage, Identity Theft Privacy-Related Data Theft, Confidential Data Theft, Revenue Loss and Piracy, Business Logic Bypass, Repudiation, Unauthorized Access and Fraud, and Financial Charging.
For more information, stop by Booth #35 and“Spin the Guard Wheel” for a chance to win an Amazon Kindle Fire. To schedule a meeting during AppSec USA, please email: email@example.com
ABOUT ARXAN TECHNOLOGIES
Arxan protects the App Economy from attacks in distributed or untrusted environments with the world’s strongest and most deployed application integrity protection products. Among today’s diverse computing platforms, mobile and tablet apps and packaged or embedded software are all exposed to hacking attacks such as reverse-engineering, tampering, insertion of malware/exploits, repackaging, fraud, intellectual property theft, and piracy. Arxan’s unique patented Guarding technology enables sensitive or high-value applications to proactively guard their own integrity by defending, detecting, alerting, and reacting to hacking attacks through a risk-based, customized protection. Arxan’s self-defending and tamper-proof applications are deployed on more than 200 million devices by leading Fortune 500 organizations in high-tech, ISV, financial services, digital media, gaming, healthcare, and other industries. Arxan Technologies is headquartered in the United States with global offices in EMEA and APAC.
Follow us @Arxan or http://www.linkedin.com/company/arxan-technologies
Arxan: Protecting the App Economy™. Share your thoughts on application protection using hashtag #protectyourapps
This is a widget ready area. Add some and they will appear here.