Difference between revisions of "IG/Mobile Security analysis"

Revision as of 15:50, 17 October 2013

This page is under construction. It gathers fragmented opinions and ideas about the perceived weaknesses of the web on mobile, compared to native apps in an open environment.

Identified perceived weaknesses

  • lack of encrypted storage
  • impossibility to manage remotely locally-stored data for a given Web app
  • certificate/key management
  • difficulty to protect against XSS/CSRF attacks
  • difficulty to guarantee integrity of the code of the app (and thus greater exposure to attacks)

Web app lifecycle

  • app design (including functions made available to the web developers)
  • app packaging
  • app deployment/update
  • app usage (include the user granted rights)

Blockers today and how to improve the situation

  • standards cannot be based on a specific hardware feature => some correct level of abstraction is needed, based on the gaps seen by different industries, so that the spec does not directly depend on whatever hardware there is, but on the security concepts that are introduced by having such software/hardware components in the system. [Mete Balcı, Pozitron]
  • standards are not sponsored by the security-sensitive interested parties [Anders Rundgren]