In the rush to get apps to market, security is often overlooked. We’re glad to see a growing concern for this issue. However, a lack of standards for development and testing only further complicates the problem.
With every business from the tiniest SMB to the largest enterprise looking to plant its flag in the ground with regard to mobile applications, the mobile app development boom is on in a very big way. Amid this blind rush to beat the competition to the market, mobile developers are feeling their way around in the dark — and with a development environment still in its infancy and no real standards to lead the way, it’s an adventure for all parties involved.
Particularly scary to many security professionals is the fact that the speedy mobile development cycle and this lack of experience with the platforms are causing coders to throw all of those secure development principles the industry has fought for over the past five years right out the window when it comes to mobile apps.
The difficulty is that even for established firms that are aware of their risks and want to securely code their mobile apps, there are few standards for development and very few tools for testing code for vulnerabilities. “Some of our clients are developing mobile applications to be introduced to their customers, and we are doing reviews of those to make sure they’re secure before they get rolled out,” says Scott Laliberte, managing director with security consulting firm Protiviti.
“That has required us to rethink our application-testing methodologies because testing mobile apps is quite a bit different than testing normal applications. Identifying the key risks and the technologies you need to use to test it properly is a challenge, and lack of standards is another big challenge.”