Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

State of Application Security Vol. 4

4,967 views

Published on

Arxan Technologies inforgraphic on the current state of application security.

Published in: Technology
  • Girls for sex in your area are there: tinyurl.com/areahotsex
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Real people just like you are kissing the idea of punching the clock for someone else goodbye, and embracing a new way of living. The internet economy is exploding, and there are literally THOUSANDS of great earnings opportunities available right now, all just one click away. ▲▲▲ http://ishbv.com/ezpayjobs/pdf
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Dating direct: ♥♥♥ http://bit.ly/369VOVb ♥♥♥
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Sex in your area is here: ❶❶❶ http://bit.ly/369VOVb ❶❶❶
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Get Paid To Waste Time On YouTube! ★★★ http://t.cn/AieXipTS
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

State of Application Security Vol. 4

  1. 1. STATE OF APPLICATION SECURITY VOL. 4, 2015 STATE OF PIRACY 1.6M 1.96M ASSETS IS EXPECTED NUMBER OF PIRATED Pirated software found between Jan. 2012 and Mar. 2015 BREAKDOWN OF SOFTWARE PIRACY Between 2012 and 2014 the average Android Apps Key Generators Apple Software Windows Desktop Software Apple Apps number of pirated assets found per year 2012-2014 AVG./YR 2015* was 1.6M. In 2015, the total number of 41% 17% 13% 9% 5% KEY9,000 GENERATORS FOUND Software that generates product licensing keys to enable unauthorized access to software or digital media releases. What are they? APPLICATION RISKS ENABLING PIRACY DISTRIBUTION MODEL FOR REVERSE-ENGINEERING APPLICATION TAMPERING With readily available tools, hackers can quickly convert unprotected binary code back to source-code, repackage and distribute. VOLUME OF PIRATED RELEASES SPEED OF ILLEGAL DISTRIBUTION 100’s 100,000’s 0 sec 33 mins Scene FTP Top Sites Private Torrent Sites Public Sites Cyber- lockers Applications can be modified or injected with malware at run-time to steal keys, and alter execution in line with hacker objectives. 23.76% OF GLOBAL INTERNET BANDWIDTH IS CONSUMED BY TRAFFIC INFRINGING UPON COPYRIGHT. ECONOMIC IMPLICATIONS OF PIRACY 2 pirated assets is expected to hit 1.96M. (Source: iThreat Cyber Group & Arxan Technologies) TO INCREASE 22% PIRATED SOFTWARE IN 2014, THE UNMONETIZED VALUE OF PIRATED ASSETS REACHED $836,840,300,000$652 B $74 B $73 B $18 B $12 B $6 B Software Games Movies TV Music Adult Content UNADDRESSED APPLICATION VULNERABILITIES M1 Weak Server Side Controls M2 Insecure Data Storage M3 Insufficient Transport Layer M4 Unintended Data Leakage M5 Poor Authorization M7 Client Side Injection M9 Improper Session Handling M10 Lack of Binary Protections 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Jan-2015 June-2015 OWASP MOBILE TOP 10 97% OF MOBILE APPS LACK THE PROPER BINARY PROTECTIONS, LEAVING THEM VULNERABLE TO PIRACY. 50% OF ORGANIZATIONS HAVE ZERO BUDGET ALLOCATED TO PROTECTING MOBILE APPS. (M6 and M8 not included in analysis) A recent study analyzed over 96,000 Android apps to measure how well they addressed the OWASP Mobile Top 10 vulnerabilities. The graph below shows the percentage of apps that failed to address these vulnerabilities over time. RECOMMENDATIONS TO MITIGATE SOFTWARE PIRACY 35% 30% 25% 20% 15% 10% 5% Application Layer Data Layer Network Layer RETHINK YOUR SECURITY INVESTMENT APPROACH Consider how much money is spent on application security versus other areas. BUILD RUN-TIME PROTECTIONS INTO YOUR APPLICATIONS Implementing run-time protection will enable self-defense against tampering and malware attacks. Security Risk Spending A 2015 study from Ponemon Institute, sponsored by IBM Security, found that application security spending was not PROTECT YOUR CRYPTOGRAPHIC KEYS White box cryptography solutions can mask both static and dynamic keys. SECURITY RISKS VS. SPEND (Source: MetaIntelli, 2015 Research) Sources: 1. iThreat Cyber Group & Arxan Technologies 2. Study by NetNames/Envisional, sponsored by NBC Universal 3. Tru Optik, 2014 Research 4. MetaIntelli, 2015 Research 5. Ponemon Institute study, sponsored by IBM Security, Mar 2015 3 4 5 SECURITY INVESTMENTS NOT IN LINE WITH LEVEL OF RISK in line with the level of application risk. For additional details & full report, visit Arxan.com

×