With the Gartner Security & Risk Management Summit kicking off today in London, UK, the Computer Weekly Developer Blog figured that this would be the right time to feature guest commentary from Tom Karren, former developer and CEO of Moki, a mobile application security company.
Why prioritise security
It’s refreshing to be at an event where security is the focus of discussion.
I find that it’s often difficult to get mobile application developers to prioritise security. But apps are becoming a significant target for malicious attacks… and precaution is paramount.
Development workflow for security
Integrating security practices into development workflow can quickly fall by the wayside when developers are under the gun to churn out new updates and products as fast as possible. However, app security failures can bring companies under great scrutiny, for example, when it was discovered that Fandango’s app left sensitive personal information at risk from predatory apps earlier this year.
Companies that deal with a large volume of personal information such as HP and Walmart are continuing to utilise apps to engage with their customers — and appropriate security measures are vital.
Why security failures happen
I think the majority of security failures happen in one of two situations: First, when developers don’t consider security a priority and choose not to take the appropriate steps; and second, when well-meaning developers, many of them new to the industry, are not well informed about what needs to be done to secure an app.
Some of the most common mistakes I’ve seen centre on developers trying to cobble together a security plan at the end of development, when it should be incorporated throughout the process.
I’ve also seen many developers do an excellent job securing parts of their code, but they neglect to take a step back and look at their code as a whole. Security needs to be holistic and systematic.
Editorial note: Moki says it helps to make sure applications are secure before they go to market by testing them and showing their vulnerabilities.