Difference between revisions of "IG/Mobile Security analysis"

From Web Security
(Created page with "This page is under construction. This page is gathering fragmented opinion/ideas about the perceived weaknesses of the web on the mobile, compared to native app in open environm…")
Revision as of 15:49, 17 October 2013

This page is under construction. It gathers fragmented opinions and ideas about the perceived weaknesses of the web on mobile, compared to native apps in an open environment.

Identified perceived weaknesses

  • lack of encrypted storage
  • impossibility of remotely managing the locally-stored data of a given Web app
  • certificate/key management
  • difficulty of protecting against XSS/CSRF attacks
  • difficulty of hiding the app's code (and thus greater exposure to attacks)

Web app lifecycle

  • app design (including functions made available to the web developers)
  • app packaging
  • app deployment/update
  • app usage (including the rights granted by the user)

Blockers today and how to improve the situation

  • a standard cannot be based on a specific hardware feature => some correct level of abstraction is needed, based on the gaps seen by different industries, so the spec may not directly depend on whatever hardware there is, but on the security concepts that are introduced by having such software/hardware components in the system. [Mete Balcı, Pozitron]
  • standards are not sponsored by the security-sensitive interested parties [Anders Rundgren]