Page 27 - index
P. 27
10. Don’t Trust Local Resources
Many organizations leverage third-party libraries and other external file-based resources. Where
possible, application controls should verify the integrity of these external dependencies as well.
For example, a mobile device application may rely upon JavaScript that is executed in a local
browser. The application should verify the integrity of this external resource before loading it into
a browser on the device.
Parting Thoughts
Mobile app developers must now take into account a whole host of new risks that relate to
hosting code in an uncontrolled environment. If you are hosting code in an untrustworthy
environment, you are susceptible to these risks.
As such, a holistic approach is needed that can detect, react, and alert to unauthorized code
modifications or reverse-engineering within the mobile app. With such an approach, hackers are
kept further at bay, and the odds of a network breach significantly drop with sensitive data that
is more difficult to decipher.
About the Author
Jonathan Carter is the technical director of Arxan Technologies. He
has over 15 years of security expertise within Canada, United States,
Australia, and England. Jonathan has produced software for online
gaming systems, payment gateways, SMS messaging gateways, and
other solutions requiring a high degree of application security.
Jonathan’s technical background in artificial intelligence and static
code analysis has lead him to a diverse number of security roles:
Enterprise Security Architect, Web Application Penetration Tester,
Fortify Security Researcher, and Security Governance lead. Jonathan
can be reached at (301) 968-4290 and at our company website http://www.arxan.com
I25B /1B>9>7C &171J9>5 M +5@D5=25B 49D9?>
?@IB978D K I25B 565>C5 &171J9>5 << B978DC B5C5BF54 G?B<4G945
