Fintech or Finance-technology is today one of the fastest-growing industries across the world, encompassing segments such as payments and remittances, wealth management, credit technology, blockchains, regulation technology, online insurance etc., each of which are whole industries in their own right. Driven by digital innovation, fintech is rapidly changing the way individuals and businesses perform financial transactions, be it to shop online, pay insurance premiums, evaluate credit scores or pay salaries.
FBI Director Robert Mueller once said, “There are only two types of companies: those that have been hacked, and those that will be.” Every business, no matter its industry or scale, is a potential target and unless there is a strong security culture in place, odds are that a breach will occur, causing a loss of information, leakage of critical data or direct financial fraud. We have witnessed organizations across finance, healthcare, governance, retail, transportation, energy and education targeted by cyber-criminals in the last one year alone.
Entersoft Security in collaboration with IOT Forum India and TiE Bangalore conducted IOT Hackfest on 7th November 2017 at the TiE Bangalore office.
What follows in the article is a brief overview of a OWASP Top 10 2017 vulnerability - A7-Insufficient Attack Protection.
This post is useful for beginners who want to understand about Insufficient Attack Protection and for developers to help protect their applications against this vulnerability.
Whenever a user with malicious intention visits any application, his first motive is to damage the application or to create a sense of panic among the application’s admins or users who are using the application.
It is natural behaviour for most attackers targeting an application to perform extensive research about the application, its services and categories of users accessing the application. The research usually starts with an ‘information gathering’ phase which includes collecting information about the application stack and usernames that are available to any random user who has access to the application, in addition to observing contact-us forms’ structures.
Once the attackers have enough information about the application, they try to start with their attacks on the application.
Lack of security standards at any market place makes it difficult to manage security controls at an application level. Having a strong security checklist in place not only improves app security but the ecosystem involved in the development process, as well. Also, robust security standards and well set guidelines differentiate a platform from the others.
Topics: Android App Security, Android Best Practices, Android Security, Application Security, Application Security Guidelines, Playstore Security guidelines, Security Checklist, Security DOs, Security Guidelines