Information Security Archives - Page 5 of 61

OWASP Top 10 for Mobile Apps: M8 – Code Tampering

8 February 20258 February 2025 by Krishna

Code tampering occurs when an attacker manipulates or alters the source code, binaries, or execution flow of a mobile application. This tampering can take various forms, including modifying the code to bypass security checks, reverse engineering to steal intellectual property, or injecting malicious code to steal sensitive data. Mobile apps, which often handle sensitive information like personal data, payment details, and corporate data, are prime targets for these attacks.

OWASP Top 10 for Mobile Apps: M7 – Client Code Quality

7 February 2025 by Krishna

Client code quality refers to the soundness, reliability, and maintainability of the code executed on mobile devices. The “M7” designation in the OWASP Top 10 highlights vulnerabilities resulting from poorly written client-side code. These vulnerabilities can stem from inadequate input validation, insecure coding practices, or the use of deprecated libraries.

OWASP Top 10 for Mobile Apps: M5 – Insufficient Cryptography

5 February 20255 February 2025 by Krishna

Cryptography, at its core, is the practice of securing communication and data through the use of algorithms and keys. For mobile apps, cryptography plays a crucial role in securing sensitive data, ensuring privacy, and maintaining the integrity of user interactions. However, *insufficient cryptography* occurs when an app fails to implement cryptographic algorithms or methods correctly, resulting in data being exposed or vulnerable to unauthorised access.

The issue of insufficient cryptography is particularly critical in mobile applications because of the increasing amount of sensitive information that these apps handle, such as financial data, personal identification information, passwords, and private conversations. Insufficient cryptography in this context means that sensitive data is not encrypted properly, or that weak or deprecated encryption methods are used, leaving the data open to attackers who can intercept, manipulate, or steal it.

OWASP Top 10: Insecure Authentication (M4)

5 February 20254 February 2025 by Krishna

OWASP Top 10: Insecure Authentication (M4) Authentication is the cornerstone of cybersecurity, serving as the digital gatekeeper for systems, applications, and data. Despite its critical importance, insecure authentication remains one of the most prevalent vulnerabilities in today’s digital landscape. The Open Web Application Security Project (OWASP) ranks insecure authentication as a key issue in its …

Continue

OWASP Top 10: M3 – Insecure Communication

3 February 2025 by Krishna

Insecure communication occurs when sensitive data is transmitted without adequate encryption or protective measures. This vulnerability enables attackers to intercept, alter, or steal data during transmission, exposing organisations to financial losses, reputational damage, and legal liabilities.