Cigniti Security Testing Teams Get Recognized
Sairam Vedam
At Cigniti, our resolution is always to help organizations say no to bad software. We do this diligently by assuring software quality.
The New Year has started and many people are still holding to their resolutions. Besides the usual suspects of exercising more, losing weight, etc., our security testing experts at Cigniti have been working to touch new horizons of security testing.
Now what does that mean? Our security testing experts spend an hour every day, apart from their regular work and projects, looking for potential software flaws in mobile and web apps. They carefully choose apps that are likely to be heavily used and test them from various standpoints, particularly with a view to making them extra secure. Once they find a vulnerability, in the best interest of everyone, they follow responsible disclosure guidelines to report it to the respective app owners. This is purely a proactive measure to help organizations build better software.
What happens next? Many companies that are committed to creating better-quality software acknowledge our experts and fix the flaw. This is truly the amazing power of collaborative work. Some of the very recent apps our security warriors worked on and got recognized for are here to see.
What we found:
The Cigniti security testing team’s work uncovered vulnerabilities that can lead to impersonation and unauthorized access, through a user account, to the apps under test. The vulnerability can be used to manipulate information and can also potentially snowball into a major security breach.
What we recommend:
- The app should not be accessible from two different mobile devices.
- If simultaneous access from multiple mobile devices is enabled, the app needs to enforce access control with a log-in password on every mobile device.
- Access should be tested on devices of the same platform or OEM. The availability of devices of the same platform increases the scope of penetration.
- The auth token should be encrypted using a device-specific salt.
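A server-side sketch of the first, second and last recommendations, added here as an illustration and not Cigniti's or any tested app's code: a token is issued per device after log-in, only one device is active per account, and the token verifies only with the salt of the device it was issued to. It assumes the device salt is a random value created at enrollment and held in the device's protected storage; it authenticates the token with a per-device HMAC key rather than encrypting it, and all names (`issue_token`, `verify_token`, `ACTIVE_DEVICE`) are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

SERVER_KEY = secrets.token_bytes(32)   # constructed; load from a secret store in practice
ACTIVE_DEVICE = {}                     # user -> the one device currently logged in

def _device_key(device_salt: bytes) -> bytes:
    # Per-device key: server secret mixed with the device-specific salt.
    return hmac.new(SERVER_KEY, b"auth-token|" + device_salt, hashlib.sha256).digest()

def issue_token(user, device_id, device_salt, ttl=900, now=None):
    """Call only after a successful password log-in on this device."""
    now = time.time() if now is None else now
    ACTIVE_DEVICE[user] = device_id    # a new log-in displaces the previous device
    body = json.dumps({"u": user, "d": device_id, "exp": int(now) + ttl}).encode()
    tag = hmac.new(_device_key(device_salt), body, hashlib.sha256).digest()
    return ".".join(base64.urlsafe_b64encode(p).decode() for p in (body, tag))

def verify_token(token, device_id, device_salt, now=None):
    """Return the user name, or None if the token is not valid on this device."""
    now = time.time() if now is None else now
    try:
        body, tag = (base64.urlsafe_b64decode(p) for p in token.split("."))
    except ValueError:                 # wrong shape or bad base64
        return None
    expected = hmac.new(_device_key(device_salt), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                    # tampered, or presented with another device's salt
    claims = json.loads(body)
    if claims["d"] != device_id or claims["exp"] < now:
        return None                    # wrong device id or expired
    if ACTIVE_DEVICE.get(claims["u"]) != device_id:
        return None                    # account has since logged in elsewhere
    return claims["u"]

if __name__ == "__main__":
    salt_a, salt_b = secrets.token_bytes(16), secrets.token_bytes(16)  # constructed salts
    tok = issue_token("alice", "phone-A", salt_a)
    print("same device:   ", verify_token(tok, "phone-A", salt_a))
    print("copied to B:   ", verify_token(tok, "phone-B", salt_b))
    issue_token("alice", "phone-B", salt_b)          # alice logs in on a second phone
    print("A after B login:", verify_token(tok, "phone-A", salt_a))
```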
Watch this space for periodic updates. I wish you a very happy new year again and hope you achieve your New Year resolutions.