In our May 13 Reddit Ask Me Anything (AMA) session, seasoned professionals from IBM’s Product Development, Marketing and Product Management teams answered a series of unscripted questions from a wide variety of global contacts.

Within the first 10 minutes, it became clear that mobile application security continues to be a primary concern for organizations of all sizes. Concerns ranged from how to protect privileged data stored in mobile applications to advancing security practitioners’ learning curves since many confess that “they don’t know what they don’t know.”

Here are 10 resources that will let you advance your learning curve quickly, with minimal time investment required on your part. Realistically, a combination of the resources below will be the best course of action for most. With these 10 practical actions, you can expand your mobile application security knowledge:

1. Review Findings From Information Security Media Group’s ‘The State of Mobile Security Maturity,’ Sponsored by IBM

This study, “The State of Mobile Security Maturity,” is perfectly suited for you if you want to learn more about the overall mobile security landscape, including:

  • Where are enterprises most vulnerable with respect to mobile security?
  • How mature are organizations in their mobile security development efforts?
  • How will mobile security budgets be affected in 2015, and how will security investment be prioritized?

2. Read ‘The 10 Most Common Application Attacks in Action’

In this blog, Paul Ionescu, leader of IBM’s Ethical Hacking Team, presents each of the Open Web Application Security Project (OWASP) Top 10 vulnerabilities, along with 10 companion videos that permit you to learn more about each in detail. Then you can focus on the vulnerabilities that are of the greatest concern to your organization. A replay of the webinar “Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 From Happening to You” is also available.

3. Consult the Ponemon Institute’s ‘The State of Mobile Application Insecurity,’ Sponsored by IBM

By reading “The State of Mobile Application Insecurity,” you’ll learn how organizations currently struggle to manage mobile security and how the “rush-to-release” phenomenon may result in the unfortunate release of mobile applications that lack the highest level of protection against data leakage and malware. You’ll also learn how organizations cope with employees’ risky mobile security behaviors and what steps they’re taking to better secure mobile applications in the future.

4. Participate in the ‘Making the Business Case for Mobile Application Security’ Webinar

In this May 28 webinar, titled “Making the Business Case for Mobile Application Security,” we’ll examine vulnerabilities that were detected by the IBM X-Force Research and Development team in real-life mobile applications and frameworks and dig into results from recent research conducted on vulnerabilities relating to more than 40 top online dating applications. We’ll conduct a live demo that shows you how you can conveniently scan mobile applications for potential vulnerabilities and then utilize the results to fix detected vulnerabilities and integrate best practices into your Secure Software Development Life Cycle (SDLC). After the webinar date, the session will be available for replay.

5. Set a Date! Read ‘A Perfect Match: Uniting Mobile Security With Your Employees’ Use of Online Dating Apps’

In this blog post, I provide an overview of vulnerabilities that were detected in a wide range of online dating applications. More importantly, I provide a list of practical tips that your organization’s users can follow to better protect themselves from potential mobile threats. If you plan to participate in the “Making the Business Case for Mobile Application Security” webinar referenced in No. 4 above, I recommend that you review this blog prior to attending the session. You can also access a copy of the full online dating application report.

6. Learn How IBM and Arxan Technologies Have Partnered to Improve Mobile Financial Application Security Protection

In this short video, you’ll learn how mobile applications that are utilized by your clients, employees and business partners can be reverse engineered or tampered with by application hackers, jeopardizing privileged organizational data. It explains why traditional application security protection tactics simply aren’t sufficient in today’s mobile application environment. It also covers how Arxan Application Protection for IBM Solutions provides protection for mobile financial services applications without the incorporation of burdensome security controls.

7. Watch the Demo, ‘Interactive Application Security Testing on Mobile Attacks’

This demo discusses several flaws identified in the Android mobile framework. These vulnerabilities increased the risk of potential attacks against Apache Cordova-based applications, which encompass more than 10 percent of financial applications on the Android platform.

8. Review a Case Study to Learn How an IBM Client Improved Security Protection and Reduced Costs

This case study focuses on an organization — a Web and mobile application provider — that wanted to detect and fix application vulnerabilities earlier in the software development life cycle to better protect clients’ data. According to the client, testing applications earlier and more frequently gives their security staff, executives and customers more peace of mind while reducing the cost to fix vulnerabilities by up to 95 times.

9. Spend Two Minutes to Learn How to Identify and Remediate Application Security Attacks Effectively

How can you manage application security risk in an environment that prioritizes time to market for your new applications? The answer: with IBM Application Security on Cloud. In this brief video, you’ll learn how IBM Application Security Analyzer identifies security issues in applications and produces detailed vulnerability reports for you to review, including recommended remediation steps for you to follow.

10. Discover How to Enhance Your Cryptographic Key Protection

Cryptographic-focused attacks represent a rapidly growing mobile security problem and are one of the most difficult risks to minimize. If your organization isn’t taking the appropriate steps to protect your keys, you’re giving hackers easy access to your private data and transactions. For more details, read Jonathan Carter’s recent blog.

To Learn More…

For even more ways to improve your mobile security knowledge, check out my July 20 blog, “Another 10 Convenient Ways to Increase Your Mobile Application Security Knowledge.”
