Mobile app traffic outpaces web traffic and offers an essential way of engaging with customers. However, companies put themselves and their customers at risk when they don’t invest enough time and money guarding against mobile app security and privacy vulnerabilities. Organizations can cost-effectively manage risk across the entire mobile app portfolio by deploying automated mobile app security testing software.
The California Consumer Privacy Act (CCPA) took effect on Jan. 1, 2020, and is currently the toughest, most comprehensive privacy law in the United States. It has also spawned state privacy laws and proposed legislation. Given the level of personal data that mobile apps collect, store and transmit, companies must ensure their apps safeguard sensitive information and comply with CCPA and other relevant privacy laws.
Although we recommend periodic in-depth pen tests for high-risk mobile apps that run business-critical processes or access sensitive information, this practice doesn’t scale well for DevOps teams. Mobile app pen testing requires intense human labor that simply can’t keep pace with the volume, velocity and frequency of DevOps releases. Many organizations can benefit from incorporating automated mobile appsec testing in the mobile DevSecOps toolchain to speed the delivery of secure mobile apps.
Recent enhancements to the Frida open-source dynamic instrumentation toolkit greatly ease the process of conducting jailed testing. You no longer have to manually package the Frida Gadget in your target app. As long as the app is debuggable, Frida does that for you. This post will walk you through the process of using Frida on a jailed device.
Many people have heard about mobile man-in-the-middle (MiTM) attacks but aren’t sure exactly what they are or how they happen. Learn more, including the development and security issues that can leave apps vulnerable to MiTM attacks, tips for testing and the layers of network defense that can help you avoid these issues.
To improve the guest experience and keep pace with competition, hotels worldwide are deploying digital key technology that allows guests to skip the front desk and use their mobile apps to remotely check in and go directly into their rooms without needing key cards. However, hotel mobile apps have vulnerabilities that can be exploited, as researchers demonstrated at the Black Hat USA 2019 conference.