If you're developing enterprise apps, there's a lot you need to think about. Usability, how your app will work on desktop and mobile, and security are three major issues to address with your development team.
Falling prey to a security flaw in your app can be disastrous for your whole company. One way to help reduce the chances of security problems is making sure your developers are not only aware of the security flaws that could plague your app, but how to test for them. Keep the following in mind as you work through the process of testing your app's security:
Certificate underpinning is the use of an SSL certificate to verify users. An SSL certificate is a data file that connects an organization's details to an encrypted key, allowing the user to connect securely to the application's server. In a study by data security and management company Wandera, nine out of ten apps studied didn't user certificate underpinning, making them susceptible to man-in-the-middle attacks.
Using weak security measures can be as bad as using no security measures. In its report, Wandera found that eight in ten apps allow weak passwords. Weak passwords are defined as passwords that can easily be guessed, like words from the dictionary, names of the user's loved ones, and dates that are important to the user. Three in ten apps had weak encryption, which comes from the use of weak algorithms to secure passwords and data.
One very important security risk to enterprise apps is the existence of impersonating apps, pieces of malware that create realistic-looking copies of legitimate enterprise apps to fool users into downloading them. Once downloaded, these pieces of malware can be destructive in a variety of ways, from rooting devices and allowing them to be accessed remotely to stealing information and pushing ads to the phone's notification bar and otherwise bombarding the user with pop-ups and advertisements. In any case where a device's security is compromised, its user's data is at risk of being exploited.
Security should always be a priority when you are developing an app, but you need to know how to test your app's security in order to make smart use of security features. A good way to test your app's security is to use the Open Web Application Security Project's Mobile Top Ten, a list of ten critical security risks that mobile devices face.
The list was published in 2014 using data collected in a 2013 survey of individuals working in mobile app development. A follow-up survey was conducted in 2015, but its results are not out yet. Using this list, you can extrapolate the security measures you need to protect your enterprise app and, by extension, your company's data.
Enterprise mobile apps can be tremendously beneficial to your organization—but they can be equally detrimental if security isn’t top of mind at all times. These security considerations aren’t the only ones you need to keep in mind when developing apps, but they’re certainly a good place to start.