Difference between revisions of "Native App Security"
(Created page with "==Full Name and Context== An application that is installed on a user's computing device with full power to act as the user. ==Context== * The day when a personal computer was...")
Revision as of 11:06, 16 July 2018
Full Name and Context
An application that is installed on a user's computing device with full power to act as the user.
- The day when a personal computer was for running application for the user is long gone, never to return.
- Today a personal computer depends on cloud based service for nearly all of its functionality.
- Some of those sites are willing to use a trusted User Agent, typically a web browser from a well-known and trusted vendor for rendering its content.
- The first of the Laws of Security tell us that when an attacker gets to run their code on your computer, it is not longer just your computer any longer.
- For the case where the user is not forced to allow an application to run on their personal device, see the page Web App Security.
- The Native App exposes its name and the web site that backs it in a manner that allows the user to make a meaningful trust decision.
- Joint use Native Apps are provide to some industries for all to use. It makes the trust decision by the user much more difficult.
- Rules for apps installed on Apple devices
- Rules for apps installed on Android devices
- Rules for apps installed on Windows devices are of two types, but it is not clear how the user could possibly distinguish, so the concept has not been helpful.
- The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of web site software.
- ISACs are member-driven organizations, delivering all-hazards threat and mitigation information to asset owners and operators.