Understanding how an application works is paramount to securing it. We will first look at how a typical Android application is designed and used, and then delve into the risks associated with such apps.
The following diagram shows the typical architecture of a mobile backend with an app server and a DB server. The app connects to the backend API server, which in turn relies on a database server behind the scenes:
It is recommended to follow a secure SDLC process while developing software. Many organizations embrace this approach in order to build security into each phase of the software development life cycle rather than bolting it on at the end.
Performing threat modeling early in the application design process allows security vulnerabilities to be identified and controlled before any code is written. Finding and fixing defects early in the process is much cheaper than addressing them once the application is in production. This is something...
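To make the threat-modeling step concrete, the following is an added example (not code from the original text) that walks the architecture in the diagram, a mobile app talking to an API server that talks to a DB server, as a small data-flow model. Each hop that crosses a trust boundary is checked against the standard STRIDE categories and the controls recorded on that flow. The three elements, their trust zones and the control values on each flow are assumptions constructed for the example; the point it demonstrates is that the "internal" API-to-database hop is a boundary crossing too and deserves the same scrutiny as the Internet-facing one.

```python
"""Threat-model walk over the mobile app -> API server -> DB server architecture.
Added illustration for this chapter, not code from the original text.
Assumptions: the three elements, their trust zones and the per-flow controls
are constructed for the example; threat categories are the standard STRIDE set."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Element:
    name: str
    zone: str  # trust zone the element lives in, e.g. "device", "dmz", "internal"


@dataclass(frozen=True)
class Flow:
    src: Element
    dst: Element
    data: str            # what travels on the flow
    encrypted: bool      # confidentiality and integrity in transit (e.g. TLS)
    authenticated: bool  # receiver verifies the sender's identity
    rate_limited: bool   # receiver throttles abusive callers


@dataclass(frozen=True)
class Finding:
    flow: Flow
    category: str  # STRIDE letter
    threat: str
    mitigated: bool


# Checks applied to every flow that crosses a trust boundary. Each entry is
# (STRIDE letter, threat description, Flow attribute that mitigates it).
BOUNDARY_CHECKS = (
    ("S", "caller identity not verified", "authenticated"),
    ("T", "data modified in transit", "encrypted"),
    ("I", "data disclosed in transit", "encrypted"),
    ("D", "endpoint exhausted by an untrusted caller", "rate_limited"),
)


def crosses_boundary(flow: Flow) -> bool:
    return flow.src.zone != flow.dst.zone


def analyze(flows) -> list:
    """Enumerate STRIDE threats on every flow that crosses a trust boundary,
    recording whether the modelled control already mitigates each one."""
    findings = []
    for flow in flows:
        if not crosses_boundary(flow):
            continue  # same zone: out of scope for this sketch
        for letter, threat, control in BOUNDARY_CHECKS:
            findings.append(Finding(flow, letter, threat, getattr(flow, control)))
    return findings


def open_findings(findings) -> list:
    """Threats for which no mitigating control is recorded on the flow."""
    return [f for f in findings if not f.mitigated]


def build_model() -> list:
    """The architecture from the diagram: app on the device, API server in the
    DMZ, database in the internal network. Control values are constructed:
    the Internet-facing hop uses TLS and a session token but no throttling,
    while the internal hop authenticates with DB credentials but skips TLS."""
    app = Element("mobile app", "device")
    api = Element("API server", "dmz")
    db = Element("DB server", "internal")
    return [
        Flow(app, api, "user credentials and requests",
             encrypted=True, authenticated=True, rate_limited=False),
        Flow(api, db, "SQL queries and records",
             encrypted=False, authenticated=True, rate_limited=True),
    ]


def summarize(findings) -> list:
    """One human-readable line per unmitigated threat."""
    return [f"{f.category}: {f.flow.src.name} -> {f.flow.dst.name}: {f.threat}"
            for f in open_findings(findings)]


if __name__ == "__main__":
    for line in summarize(analyze(build_model())):
        print(line)
```

Run as written, the model reports three open items: a denial-of-service threat on the app-to-API hop (no rate limiting) and tampering plus information disclosure on the API-to-DB hop (no TLS inside the network). Adding a control to a flow, or moving the database into the same trust zone as the API server, changes the output immediately, which is exactly the cheap, pre-code iteration the secure SDLC is meant to enable.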