APPLICATION SECURITY VOL. 4, 2015
STATE OF PIRACY
ASSETS IS EXPECTED
NUMBER OF PIRATED
Pirated software found between Jan. 2012 and Mar. 2015
BREAKDOWN OF SOFTWARE PIRACY
Between 2012 and 2014 the average
number of pirated assets found per year
was 1.6M. In 2015, the total number of
Software that generates
product licensing keys to
enable unauthorized access to
software or digital media releases.
What are they?
APPLICATION RISKS ENABLING PIRACY
DISTRIBUTION MODEL FOR
REVERSE-ENGINEERING APPLICATION TAMPERING
With readily available tools, hackers
can quickly convert unprotected
binary code back to source code,
then repackage and distribute it.
VOLUME OF PIRATED RELEASES
SPEED OF ILLEGAL DISTRIBUTION
0 sec 33 mins
Applications can be modified or
injected with malware at run-time
to steal keys and alter execution in
line with hacker objectives.
OF GLOBAL INTERNET BANDWIDTH
IS CONSUMED BY TRAFFIC INFRINGING
ECONOMIC IMPLICATIONS OF PIRACY
pirated assets is expected to hit 1.96M.
(Source: iThreat Cyber Group & Arxan Technologies)
TO INCREASE 22%
IN 2014, THE UNMONETIZED
VALUE OF PIRATED ASSETS
$74 B $73 B
$18 B $12 B $6 B
Software Games Movies TV Music Adult
M1 Weak Server Side Controls
M2 Insecure Data Storage
M3 Insufficient Transport Layer
M4 Unintended Data Leakage
M5 Poor Authorization
M7 Client Side Injection
M9 Improper Session Handling
M10 Lack of Binary Protections
OWASP MOBILE TOP 10
OF MOBILE APPS LACK THE PROPER
BINARY PROTECTIONS, LEAVING THEM
VULNERABLE TO PIRACY.
OF ORGANIZATIONS HAVE
ZERO BUDGET ALLOCATED TO
PROTECTING MOBILE APPS.
(M6 and M8 not included in analysis)
A recent study analyzed over 96,000 Android apps to measure how well they
addressed the OWASP Mobile Top 10 vulnerabilities. The graph below shows
the percentage of apps that failed to address these vulnerabilities over time.
RECOMMENDATIONS TO MITIGATE
RETHINK YOUR SECURITY
Consider how much money is spent on
application security versus other areas.
BUILD RUN-TIME PROTECTIONS
INTO YOUR APPLICATIONS
Implementing run-time protection will enable
self-defense against tampering and malware attacks.
Security Risk Spending
A 2015 study from Ponemon Institute,
sponsored by IBM Security, found that
application security spending was not
White box cryptography solutions can
mask both static and dynamic keys.
SECURITY RISKS VS. SPEND
(Source: MetaIntelli, 2015 Research)
1. iThreat Cyber Group & Arxan Technologies
2. Study by NetNames/Envisional, sponsored by NBC Universal
3. Tru Optik, 2014 Research
4. MetaIntelli, 2015 Research
5. Ponemon Institute study, sponsored by IBM Security, Mar 2015
NOT IN LINE WITH LEVEL OF RISK
in line with the level of application risk.
For additional details
& full report, visit Arxan.com