Trending

#codeobfuscation

Latest posts tagged with #codeobfuscation on Bluesky

Latest Top
Trending
#Ukraine Conflict #U.S. Foreign Policy #F1 #Chinese Grand Prix #SNL #Venezuela Baseball #AEW Collision #Six Nations #Newcastle United #Arsenal vs Everton #Ukraine Conflict #U.S. Foreign Policy #F1 #Chinese Grand Prix #SNL #Venezuela Baseball #AEW Collision #Six Nations #Newcastle United #Arsenal vs Everton

Posts tagged #codeobfuscation

Approov Mobile Security
Approov Mobile Security
@approov.bsky.social
6 months ago
Preview
Apple's iOS Obfuscation Dilemma: App Store Rejection & Developer Security Challenges Apple's iOS Obfuscation Dilemma: App Store Rejection & Developer Security Challenges In this vital episode of "Upwardly Mobile," we dive deep into the complexities of mobile app security within the healthcare sector, particularly concerning the HIPAA Security Rule and the challenges of iOS code obfuscation and App Store review. As telemedicine and mobile access to ePHI (Electronic Protected Health Information) become ubiquitous, understanding and implementing robust security measures is no longer optional—it's imperative. What You'll Learn in This Episode: - The Evolving Threat Landscape for Healthcare Apps: Discover how the rapid adoption of mobile healthcare apps by both patients and practitioners has created new, data-rich attack surfaces for hackers. This includes apps used for consultations, prescription refills, appointment scheduling, accessing test results, and even those associated with medical devices. - Limitations of Traditional Security: We explore why traditional security approaches and even robust TLS (Transport Layer Security) are often insufficient for protecting mobile healthcare apps and their APIs, particularly due to the unique exposure of mobile app code and device environments. Xcode's native build settings like symbol stripping and dead code stripping are primarily for optimization and offer no meaningful protection against determined reverse-engineering efforts. - Proposed Improvements to the HIPAA Security Rule: Learn about Approov's specific recommendations to strengthen the updated HIPAA Security Rule (initially proposed in June 2024), focusing on mobile apps accessing ePHI. Key proposed changes include mandating: - App Attestation: A proven technique to ensure only genuine, unmodified apps can access APIs. - Runtime Device Attestation: Continuous scanning and real-time reporting of device environments to block requests from compromised devices. - Dynamic Certificate Pinning: Essential for protecting communication channels from Man-in-the-Middle (MitM) attacks, even when traffic is encrypted. - API Secret Protection: Explicit guidelines to ensure API keys are never stored in mobile app code and are delivered only as needed to verified apps. - Runtime Zero Trust Protection of Identity Exploits: Additional controls like app and device attestation to provide an extra layer of zero-trust security against credential stuffing and identity abuse. - Breach Readiness and Service Continuity: Extending incident response plans to cover third-party breaches and explicitly managing API keys and certificates during a breach. - The Role of https://mas.owasp.org/MASVS/: Understand how the OWASP Mobile Application Security Verification Standard (MASVS) serves as the industry standard for mobile app security, offering guidelines for developers and testers. We specifically highlight MASVS-RESILIENCE for hardening apps against reverse engineering and tampering. - The iOS Obfuscation Dilemma: Unpack the conflict faced by developers in regulated industries like fintech and healthcare: the critical need to protect proprietary algorithms and sensitive logic through code obfuscation versus the risk of rejection by Apple's App Store. Apple's guidelines are ambiguously enforced, often flagging aggressive obfuscation as an attempt to "trick the review process". - Third-Party Obfuscation Solutions: Since Xcode provides no built-in true obfuscation features, we discuss the imperative for advanced third-party solutions. Learn about techniques like symbol renaming, string encryption, control flow obfuscation, and dummy code insertion. We also touch upon leading commercial tools like Guardsquare's iXGuard, Zimperium's Mobile Application Protection Suite (MAPS), and Appdome, as well as LLVM-based obfuscators. - Obfuscation as a Compliance Control: Discover why code obfuscation and Runtime Application Self-Protection (RASP) are fundamental technical safeguards for HIPAA compliance and meeting the requirements of PCI DSS, even if not explicitly named in the regulations. - Strategic Recommendations for Implementation: Get insights on implementing a risk-based tiered approach to app protection, integrating obfuscation into your CI/CD pipeline, and transparently communicating your security posture to the App Store review team to mitigate rejection risks. Tune in to gain a comprehensive understanding of securing your mobile health applications in today's complex digital environment! Relevant Links & Resources: - Sponsor: Learn more about app and API security solutions from Approov: https://approov.io/ - Approov Blog: Injecting Mobile App Security into The HIPAA Healthcare Security Rule: https://approov.io/blog/injecting-mobile-app-security-into-the-hipaa-healthcare-security-rule - OWASP Mobile Application Security (MAS) Project: https://owasp.org/www-project-mobile-app-security/ - OWASP Mobile Application Security Verification Standard (MASVS): https://mas.owasp.org/MASVS/03-Using_the_MASVS/ Keywords: Mobile App Security, Healthcare, HIPAA, ePHI, API Security, Code Obfuscation, iOS Security, App Store Review, App Attestation, Runtime Application Self-Protection (RASP), PCI DSS, OWASP MASVS, Man-in-the-Middle (MitM) Attacks, API Keys, Zero Trust, Telemedicine, Virtual Healthcare, Mobile Health, Cybersecurity, Enterprise Security, Data Protection, Compliance, InfoSec, Privacy, Digital Health. 

📣 New Podcast! "Apple's iOS Obfuscation Dilemma: App Store Rejection & Developer Security Challenges" on @Spreaker #appdome #approov #appsecurity #codeobfuscation #dataprotection #guardsquare #healthcareit #iosdevelopment #mobilesecurity #owaspmasvs #rasp #securesoftware #zerotrust #zimperium

1 0 0 0
Approov Mobile Security
Approov Mobile Security
@approov.bsky.social
7 months ago
Preview
The $7M Blindspot: Mobile App Security's Hidden Costs and Fortifying APIs with Zero Trust In this episode of https://open.spotify.com/show/3iYLhvcx8q1QwH0jc1QSld, we dive deep into the critical, yet often underestimated, world of mobile app security. Drawing on recent research, we uncover a staggering misalignment between perception and reality, highlighting why organizations are facing an average of nine mobile app security incidents per year, with an average financial toll reaching $6.99 million in 2025. While 93% of organizations believe their mobile app protections are sufficient, a substantial 62% have experienced at least one security incident in the past year. The repercussions extend beyond financial losses, including application downtime, sensitive data leaks, erosion of consumer trust, and a diminished user experience. We explore why traditional security measures, particularly code obfuscation, are no longer enough. Obfuscation, while deterring casual attackers, is ultimately a deterrent, not a preventative measure, offering minimal protection against runtime threats, dynamic analysis, and AI-assisted reverse engineering. The real target for modern attackers is increasingly Application Programming Interfaces (APIs). Mobile apps serve as entry points to exploit backend APIs for credential stuffing, data scraping, and business logic abuse, none of which static defenses can prevent. The weaponization of Artificial Intelligence (AI) further escalates these threats, enabling automated botnets, adaptive malware, and accelerated vulnerability discovery. The solution? A crucial shift towards a dynamic, runtime-centric security model rooted in Zero Trust principles. This approach demands continuous monitoring and verification, moving beyond static, pre-deployment checks to protect apps during execution. Key elements of this essential dynamic security strategy include: • https://approov.io/mobile-app-security/rasp/: Acting as the app’s internal bodyguard, RASP detects and responds to runtime threats like debuggers, tampering, root/jailbreak, and hooking frameworks, offering real-time protection and contextual awareness. • https://approov.io/mobile-app-security/rasp/app-attestation/: This is a standout feature, ensuring that only requests truly originating from your official, unmodified mobile app, running on a non-compromised device, are allowed to access your backend APIs. This effectively blocks bots, scripts, tampered apps, and mitigates API abuse. • https://approov.io/mobile-app-security/rasp/runtime-secrets/: This critical measure removes sensitive secrets (like API keys) from the app's code entirely. Instead, secrets are delivered securely at runtime, just-in-time, and only to attested apps, preventing extraction through reverse engineering. • Dynamic Channel Protection (Dynamic Pinning): Unlike brittle static certificate pinning, dynamic pinning allows for secure, over-the-air updates of certificate pins, ensuring continuous protection against Man-in-the-Middle (MitM) attacks without requiring app store updates. We also differentiate between leading mobile app security solutions: • https://www.guardsquare.com/, with products like DexGuard and iXGuard, excels in client-side mobile app protection, focusing on code obfuscation, hardening, and RASP to make the app's code incredibly difficult to compromise on the device. • https://approov.io/ emphasizes remote mobile app attestation, performing deep, continuous inspection of the mobile app and device in the cloud. This server-side decision-making makes it significantly harder for attackers to bypass the attestation process, ensuring only genuine apps access your APIs. Approov's positive security model effectively "locks down" backend APIs. Ideally, a comprehensive mobile app security strategy leverages both types of solutions: Guardsquare for strong in-app protection, and Approov for critical API integrity and abuse prevention. This multi-layered approach, combining static and dynamic defenses, is no longer optional but a fundamental requirement for achieving adequate resilience against modern mobile threats. -------------------------------------------------------------------------------- Relevant Links to Source Materials: • Learn more about the research highlighting the mobile app security blindspot: "https://www.devprojournal.com/technology-trends/security/research-exposes-7m-mobile-app-security-blindspot-fueled-by-overconfidence/"  • Explore in-depth the need for dynamic defenses: "WP- Mobile Security Beyond Obfuscation v1.0 FINAL B.pdf". • Discover Approov's approach to superior mobile API protection: "https://approov.io/info/role-of-attestation-in-mobile-app-security". Sponsor: This episode is brought to you by Approov. Safeguard your mobile apps and APIs with their unique, patented runtime shielding solution. Visit https://www.google.com/url?sa=E&q=https%3A%2F%2Fapproov.io to learn more.

📣 New Podcast! "The $7M Blindspot: Mobile App Security's Hidden Costs and Fortifying APIs with Zero Trust" on @Spreaker #apiprotection #apisecurity #botmitigation #codeobfuscation #cybersecurity #datascraping #guardsquare #mobileapiabuse #mobileappsecurity #rasp #remoteattestation #zerotrust

0 0 0 0
HackerNoon
HackerNoon
@hackernoon.com
1 year ago
Preview
How To Brew Obfuscation in JavaScript Without Burning the Lab: AST, Babel, Plugins

In this article, we're going to take a look at obfuscation in the JavaScript, creating ways to hide algorithms and make it harder to study code. #codeobfuscation

1 0 0 0