Week 16 - application security part 2 Flashcards
Application security control is?
techniques to prevent an application from behaving in a way that can compromise the security of data
code obfuscation
used against reverse engineering - hide information using encryption
anti debugging in apps
anti debugging code - identifies debugging techniques and blocks them
anti tampering in apps
checking signature
integrated checking apps
hardening by inserting small chunk of code “checkers” - checkers perform tests during run time - alerting user / disabling
anti-rooting in apps
to modify aspects of Android OS, requires escalated privileges
jail protection in apps
remove restriction by manufacturer - security controls compromised - vulnerable to third parties
Runtime application self protection solutions (RASP)
an umbrella term for app hardening - focus on operational security - can block attempts to exploit vulnerabilities
fuzzing is?
automated testing - discovers code errors and vulnerabilities
sandboxing?
running apps, websites and data in isolated environments - developers can inspect code