Application Security
Application Security: There are a number of issues to be cognizant of when it comes to application security.
Many of these have been addressed—or will be addressed—in other posts where discussion is more relevant, but the following is a list of those issues that CompTIA wants you to be aware of:
Key Management: Key management is an area of importance that is continuing to grow as PKI services increase and expand to mobile.
Credential Management: Credentials allow usernames and passwords to be stored in one location and then used to access websites and other computers.
Newer versions of Windows include Credential Manager (beneath the Control Panel) to simplify management.
Authentication: Authentication has always been an issue, but now that mobile is expanding and the need for authentication with the applications associated with it has grown, the issue has become even more important.
Users should be taught best practices and should never configure any application to automatically log them in.
Geo-Tagging: Geo-tagging (usually written as GeoTagging) allows GPS coordinates (latitude, longitude, etc.) to accompany a file such as an image.
This is a common practice with pictures taken using a smartphone or digital camera. While it can be useful if you are trying to remember details of a family vacation, it can also raise security concerns in a business environment.
As an example, suppose a picture is taken of your server room and posted—the geotagged information accompanying it would allow anyone to know the precise location of your server room and that could easily be something you would rather protect.
Encryption: Encryption opens up a lot of possibilities for increasing security, but brings with it issues that company policies should be created to address: for example, what is the procedure when a user forgets their password to an application/data?
Application White-Listing: White lists are lists of those items that are allowed (as opposed to a black list—things that are prohibited).
A white list of applications should exist to identify what applications are approved and accepted on your network.
Transitive Trust/Authentication: Anytime one entity accepts a user without requiring additional authentication on the behalf of another entity, the possibility is introduced for problems to occur.
As much of a pain as it is for users, the more stops that you have requiring them to authenticate before passing through, the safer you make your environment.
This section has focused on security related to applications and relevant mostly to mobile security concepts.