Building Security into Apps: How and Why You Need to Detect Threats
With so many devices tied to an endless number of personal accounts and running a myriad of applications and services, security has to be at the forefront of any user’s mind. In a perfect world, developers and testers are also constantly asking themselves “How can I make this more secure?” so that users don’t have to stress whenever they unlock their phones.
Even though software security has become both a hot topic and a major priority in most businesses, it’s important to note that actually creating a mobile or web application that’s not porous might be more difficult than ever.
Why? It’s not due to a lack of attention toward the topic of hacking and security. Instead, veteran developer Mike Benkovich explains that there are just so many more components we have to deal with that were absent before.
“When you build software, it's so much componentry now. I'm going to go out and download this component, and put jQuery, and put Backbone, and Ember, all of these different things, and it's hard to keep up with all these different names,” Benkovich said. The other thing is, some of these have known vulnerabilities.
“There's a couple of them. I think Spring and there was something on Apache, something CBG, which is like a service sweep, that had known exploits, or known vulnerabilities, but still there's twenty-two million downloads and embedded in the application.”
How are we expected to keep up? You could take time to both evaluate your security risks and make a conscious effort to bolster your defense. The Boston Business Journal suggests that you identify your specific strengths and weaknesses, make sure security awareness is a cultural pillar within your team, and continually assess your security.
Outside of the company culture, Security Intelligence provides its own unique “secret sauce” for a successful security platform. This platform should include a flexible security development platform, very basic out-of-the-box security applications for common needs, and maybe most importantly, an open ecosystem to create and push new values between those with whom your company works.
If you’re looking for an even more concrete, immediate solution to security, Benkovich suggests a method called threat modeling. Here, the idea is to identify all the different locations where information is coming in and going out in order to document it. That way, you can at least know from where these risks might be coming.
“You end up with a spreadsheet that's got a list of all these things, and it's got a score,” Benkovich continues. “You multiply it out and say, ‘Here are the ones that are most likely to be exploited, little impact but multiplied by a billion users, okay, that's bad.’”
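The scored spreadsheet described above can be sketched in a few lines. This is an added example, not code from the article or from Benkovich; the column names, the 1-5 likelihood and impact scales, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample register: one row per place where data enters or leaves the app.
# Column names and the 1-5 scales are assumptions made for this example.
REGISTER_CSV = """\
flow,direction,threat,likelihood,impact,users_exposed
login form,in,credential stuffing,4,4,1000000
profile avatar upload,in,malicious file stored and served,2,5,50000
analytics beacon,out,device identifier leaked to third party,3,1,1000000000
admin export API,out,bulk customer data exfiltration,1,5,200
"""

def load_register(text):
    """Parse the register and score each row; refuse rows that are unscored."""
    rows = []
    for n, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        try:
            likelihood = int(row["likelihood"])
            impact = int(row["impact"])
            users = int(row["users_exposed"])
        except (KeyError, TypeError, ValueError) as exc:
            raise ValueError(f"line {n}: unscored or malformed row") from exc
        if not (1 <= likelihood <= 5 and 1 <= impact <= 5) or users < 0:
            raise ValueError(f"line {n}: score outside the 1-5 scale")
        if row["direction"] not in ("in", "out"):
            raise ValueError(f"line {n}: direction must be 'in' or 'out'")
        rows.append({**row, "likelihood": likelihood, "impact": impact,
                     "users_exposed": users, "score": likelihood * impact * users})
    return rows

def rank(rows):
    """Highest score first: these are the flows to review and harden first."""
    return sorted(rows, key=lambda r: r["score"], reverse=True)

if __name__ == "__main__":
    for r in rank(load_register(REGISTER_CSV)):
        print(f"{r['score']:>13,}  {r['direction']:<3} {r['flow']}: {r['threat']}")
```

With these sample rows the low-impact analytics leak ranks first because of its billion-user exposure, ahead of the higher-impact login and upload threats.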
Whether you change your team culture, use threat modeling, or find your own solution, it’s never been more critical to make software security a company-wide initiative. Even the fastest, most useful apps won’t survive on the marketplace if users don’t feel safe downloading them.