Development and the Law - Development may often be overlooked - but it is never forgotten nor is it exempt.
Monday, October 2, 2017
We’ve scheduled the next installment of our app risk webinar series: App Dev and the law: GDPR, DTSA, ETC
New laws mean new organizational obligations (and penalties).
Why invest your valuable time?
3 reasons why this content is timely
Register for one of these two convenient time slots:
Processing system obligations
Processing system infringement
GDPR Processing System Assessment
GDPR Software Development Assessment
1. Development organizations can be held accountable for data breaches where attackers capitalized on avoidable software gaps or vulnerabilities.
2. 100% vulnerability-free applications, 100% of the time, is an unattainable standard.
3. Application hardening is a recognized control to minimize risks stemming from unauthorized use of debuggers to compromise production applications (and, by extension, the data that flows through them).
A Breached Application Breaches Completely
It has never been more important for development organizations to include reasonable, scalable, and reliable controls to avoid, detect, and remediate application exploits – everywhere, not just in obvious, flagship systems.
DashO Root Detection & Defense is one Check that will not bounce! Originally posted on July 28, 2017
I’m delighted to report that PreEmptive Solutions released DashO 8.2 for Java and Android earlier this week. Like most of our releases, it has a lot packed into it including:
Control Implementation Characteristics
|Complexity||Low: specialized behaviors such as incident detection or offline-caching of data are delivered as “turnkey” (no coding)||High: each application presents its own unique set of implementation requirements that must be designed and tested as “first class” features.|
|Effort and training||Low: injection patterns and configurations can be reused and shared across builds, releases, and applications.||High: expertise and effort required will increase proportionately to the number of applications and development teams managed.|
|Flexibility||Low: injection targets are often limited to method entry and exit points and highly customized interaction with other application functionality may be constrained as well.||High: controls implemented as code within an application have no inherent limitations.|
|Scalability||High: injection tasks can be included in build and deployment workflows through a centralized process ensuring consistent and effective use.||Low: compliance must compete with the development backlog of fixes and features – application-by-application.|
|Transparency & Auditability||High: as a part of the build and deployment workflow, successful use is logged and archived. The log can be used to guarantee functional compliance and proof of compliance.||Low: proving to auditors or end-users that controls are present and do no more (or less) than documented would require code review rather than documentation review.|
Six Degrees of Application Risk
Applying the Six Degrees of Application Risk
Effective Application Risk Management Hacks
The threat of increasing development complexity or cost, or compromising application quality or user experience is often motivation enough to maintain the status quo.
Avoid unnecessary waste and risk – follow-the-leaders
Stop a Hacker in Their Tracks
Anti-debugger controls: a near-universal application risk management requirement
Dotfuscator for .NET and DashO for Java and Android
| ||Platforms (selected)||Real-time defense||Alerts & reporting||Injection (no coding required)||Continuous deployment|
|Dotfuscator||.NET, UWP, Xamarin, etc.||Yes||Yes||Yes||Yes – Visual Studio, VSTS|