QOTD on Mobile Security

Just because a mobile site is meant to be viewed on a mobile browser with limited functionality doesn't mean an attacker can't load it in a normal browser and have full use of their powerful tools to bypass authentication, find vulnerabilities in non-standard encryption, and ultimately crack the site -- and the main data store behind it.

It's like having two doors to your bank vault.

Web applications of today are like the highly guarded front door fortified by mature security practices and fully capable of stopping an intruder. Mobile APIs are like the unguarded back door -- offering far easier access to would-be attackers.
-- Pete Soderling, founder of Stratus Security

Src: Technology News: Mobile Tech: The Ultimate Jailbreaker, Part 3
