At Riscure we have observed many severe security issues exploited by hackers even in previously certified solutions. In recent years, certification, which aims to minimize security risks, has become more important, especially in the mobile application industry. However, certification compliance is sometimes still not sufficient. This is especially noticeable when the solution’s functionality is split across different environments such as a backend and a client application. In this white paper, we will focus on such solutions and will try to answer why even certified & tested solutions still contain easy-to-find and severe security issues.
We will investigate the underlying causes of issues that often remain unnoticed during the backend testing process in an effort to learn how to mitigate them. This white paper is based on real-world examples and provides actionable steps to improve the security of your solution. This paper is most beneficial for Chief Security Officers (CSOs) or managers of software development companies, as well as those considering penetration testing as a part of their security evaluation workflow.