Helpful Tips to Make Your New App More Secure

Up to 92 percent of all apps available today have security weaknesses or flaws that can be easily exploited by nefarious cyber-criminals. If you are creating an app or planning to launch one in the near future, then making sure it is secure is a must. After all, there’s no one who wants to use an insecure app.

While using the services of third party service providers, like https://thinkwgroup.com/, is a great start, there are other steps you need to take to achieve a level of true security. Keep reading to learn what you can do to safeguard all the hard work you have done.

Ground Up Protection

When it comes to any type of software project, including apps, you need to make sure that security is the main priority from the very first day you begin working on it. It is crucial to remember, however, that a native app is extremely different from a web application.

If you have a web application, software and data are found exclusively on a server and the client-side is essentially just an interface. With a native app, however, the code resides on the device once the app has been downloaded, which makes it much more accessible to individuals who have any type of malicious intent.

There are quite a few vulnerabilities that are present in the source code of the app. However, that isn’t where the majority of businesses focus their security dollars. Data and network security components are both vital elements of the bigger security picture. While this is true, security has to begin with your actual app.

There is a wide array of reasons that vulnerabilities may occur, ranging from a failure to test your code, to a developer error, to your app becoming the target of a hacker.

Back End Security

Cloud servers and servers that your app’s APIs are accessing (a third party’s or your own) need to have set security practices in place to provide adequate protection for data and to help prevent any unauthorized access.

The APIs, along with those who are accessing them, need to be verified. This can help to prevent cases of eavesdropping on any type of sensitive information that may be passing from the app’s database and server to the client.

Utilize a Smart Encryption Policy for Mobile Device Use

Although it was stated above, it is a good idea to mention it again – much more of an app’s data and code will have to be stored on your device than with a typical web app.

Why?

Because you are now accounting for the often-varying bandwidth, performance, and quality of the devices being used. With more data being stored locally on devices (regardless of whether it is stored temporarily or permanently), it’s going to be more vulnerable.

A “leaky” app may release your customers’ data without them being aware of the problem. This is done with mobile data points that have been collected or entered in the background, such as usage habits for the device, location, and age.

Security is a Must-Have for Any App

If you want a secure app, you have to take steps to ensure this happens. There are more than a few methods you can use to ensure security, but be sure to keep the tips and information here in mind. While the professionals can offer some layer of help, it’s also important that you take your own security steps to minimize the possibility of problems when actual users begin accessing the app that you have created.

Translated from: https://www.thecrazyprogrammer.com/2019/03/helpful-tips-to-make-your-new-app-more-secure.html