In our May 13 Reddit Ask Me Anything (AMA) session, seasoned professionals from IBM’s Product Development, Marketing and Product Management teams answered a series of unscripted questions from a wide variety of global contacts.

Within the first 10 minutes, it became clear that mobile application security continues to be a primary concern for organizations of all sizes. Concerns ranged from how to protect privileged data stored in mobile applications to advancing security practitioners’ learning curves since many confess that “they don’t know what they don’t know.”

Here are 10 resources that will let you advance your learning curve quickly, with minimal time investment required on your part. Realistically, combining several of the resources below will be the best course of action for most readers. Through these 10 practical actions, you can expand your mobile application security knowledge:

1. Review Findings From Information Security Media Group’s ‘The State of Mobile Security Maturity,’ Sponsored by IBM

This study, “The State of Mobile Security Maturity,” is perfectly suited for you if you want to learn more about the overall mobile security landscape, including:

  • Where are enterprises most vulnerable with respect to mobile security?
  • How mature are organizations in their mobile security development efforts?
  • How will mobile security budgets be affected in 2015, and how will security investment be prioritized?

2. Read ‘The 10 Most Common Application Attacks in Action’

In this blog, Paul Ionescu, leader of IBM’s Ethical Hacking Team, presents each of the Open Web Application Security Project (OWASP) Top 10 vulnerabilities, along with 10 companion videos that permit you to learn more about each in detail. Then you can focus on the vulnerabilities that are of the greatest concern to your organization. A replay of the webinar “Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 From Happening to You” is also available.

3. Consult the Ponemon Institute’s ‘The State of Mobile Application Insecurity,’ Sponsored by IBM

By reading “The State of Mobile Application Insecurity,” you’ll learn how organizations currently struggle to manage mobile security and how the “rush-to-release” phenomenon may result in the unfortunate release of mobile applications that lack the highest level of protection against data leakage and malware. You’ll also learn how organizations cope with employees’ risky mobile security behaviors and what steps they’re taking to better secure mobile applications in the future.

4. Participate in the ‘Making the Business Case for Mobile Application Security’ Webinar

In this May 28 webinar, titled “Making the Business Case for Mobile Application Security,” we’ll examine vulnerabilities that were detected by the IBM X-Force Research and Development team in real-life mobile applications and frameworks and dig into results from recent research conducted on vulnerabilities relating to more than 40 top online dating applications. We’ll conduct a live demo that shows you how you can conveniently scan mobile applications for potential vulnerabilities and then utilize the results to fix detected vulnerabilities and integrate best practices into your Secure Software Development Life Cycle (SDLC). After the webinar date, the session will be available for replay.

5. Set a Date! Read ‘A Perfect Match: Uniting Mobile Security With Your Employees’ Use of Online Dating Apps’

In this blog post, I provide an overview of vulnerabilities that were detected in a wide range of online dating applications. More importantly, I provide a list of practical tips that your organization’s users can follow to better protect themselves from potential mobile threats. If you plan to participate in the “Making the Business Case for Mobile Application Security” webinar referenced in No. 4 above, I recommend that you review this blog prior to attending the session. You can also access a copy of the full online dating application report.

6. Learn How IBM and Arxan Technologies Have Partnered to Improve Mobile Financial Application Security Protection

In this short video, you’ll learn how mobile applications that are utilized by your clients, employees and business partners can be reverse engineered or tampered with by application hackers, jeopardizing privileged organizational data. It explains why traditional application security protection tactics simply aren’t sufficient in today’s mobile application environment. It also covers how Arxan Application Protection for IBM Solutions provides protection for mobile financial services applications without the incorporation of burdensome security controls.

7. Watch the Demo, ‘Interactive Application Security Testing on Mobile Attacks’

This demo discusses several flaws identified in the Android mobile framework. These vulnerabilities increased the risk of potential attacks against Apache Cordova-based applications, which encompass more than 10 percent of financial applications on the Android platform.

8. Review a Case Study to Learn How an IBM Client Improved Security Protection and Reduced Costs

This case study focuses on an organization — a Web and mobile application provider — that wanted to detect and fix application vulnerabilities earlier in the software development life cycle to better protect clients’ data. According to the client, testing applications earlier and more frequently gives their security staff, executives and customers more peace of mind while reducing the cost to fix vulnerabilities by up to 95 times.

9. Spend Two Minutes to Learn How to Identify and Remediate Application Security Attacks Effectively

How can you manage application security risk in an environment that prioritizes time to market for your new applications? The answer: with IBM Application Security on Cloud. In this brief video, you’ll learn how IBM Application Security Analyzer identifies security issues in applications and produces detailed vulnerability reports for you to review, including recommended remediation steps for you to follow.

10. Discover How to Enhance Your Cryptographic Key Protection

Cryptographic-focused attacks represent a rapidly growing mobile security problem and are one of the most difficult risks to minimize. If your organization isn’t taking the appropriate steps to protect your keys, you’re giving hackers easy access to your private data and transactions. For more details, read Jonathan Carter’s recent blog.

To Learn More…

For even more ways to improve your mobile security knowledge, check out my July 20 blog, “Another 10 Convenient Ways to Increase Your Mobile Application Security Knowledge.”
