Layers // August 2023
??? Layers and Layers of app security
Here at Licel we talk about Layers a lot.
We often tell our clients that they should equip their app with four Layers of mobile application protection, for example.
So, when it came to naming our monthly newsletter in 2021, you might say the choice was a logical one.
Layers neatly sums up the way we see app security at Licel. After all, our idea of robust protection is a series of interconnected Layers of enhanced security. It's the only way to keep your application safe from increasingly dangerous, shape-shifting cyber threats.
The purpose of the Layers newsletter is to educate. It's there so that app developers, CISOs, CTOs, product managers, founders - essentially anybody interested in keeping their application safe for their end users - know about the latest threats.
The insights within Layers guide them on their journey to stop bad actors from infiltrating their app or SDK and therefore damaging their hard-earned reputation.
For a while now we've wanted to create a home for Layers here on LinkedIn, too.
So, here it is.
Welcome to the first edition! ??
Stick around, subscribe, and here's what you can expect from Layers each month:
?? Content about the latest app security threats and how to stop them
?? Insights, future trends, and opinions about finding the right balance between tech innovation and security
??? What we've been up to here at Licel - where we've been travelling, the events we've attended, and what we've been talking about
?? The latest news about enhancements and updates to our products - DexProtector, Stringer Java Obfuscator, and Alice Threat Intelligence
?? Hosting a community that cares passionately about security
Earlier this month we had the enormous pleasure of hosting the OWASP London Chapter meet-up at our offices.
It's a rare thing to find such an engaged and committed community of people. We certainly hadn't encountered one quite like it before. And in a world where cyber risks are constantly evolving and becoming ever more threatening, a group of talented people dedicated to evening the odds with attackers is pretty inspiring.
Does this description sound a bit like you?
If so, please consider joining your own local OWASP Chapter. They do really tremendous work in educating engineers about the role they can play in making applications safer for people.
We'd like to send a big thanks to Sam Stepanyan for his great work leading the London Chapter. Thanks also to Raz Probstein and Matthew Adams for giving such thought-provoking talks on the night.
?? The psychology of social engineering
There's something about social engineering attacks that makes them feel very new.
But are they really?
A lot of the techniques attackers use to trick us actually aren't new at all. Mimicry and misdirection have been used for thousands of years. Emotions have long been exploited in the pursuit of illegal gains.
The key difference now is the ease with which we can be manipulated. The device at our fingertips is ceaselessly pinging with notifications, demanding our attention. And we're so used to reaching for our phones without thinking that it's easy for a Trojan Horse - say an SMS seemingly from someone you trust with the promise of a prize - to slip through the net.
Read our article about the psychology of social engineering to discover the history behind one of the most pervasive cyber threats.
领英推荐
?? The push to open up Apple's Walled Garden
A common theme that we cover here at Licel is the conflict between increased competition in the tech world and security.
It's safe to say the two don't always go hand in hand.
The push to open up Apple's famous "walled garden" approach to security is the perfect example of this growing tension. Some people (and organizations) are unhappy with the sizeable cut that Apple receives from apps that users download from the App Store. The strength of feeling is such that the EU government has signed off on the Digital Markets Act which is set to enable iOS users to download apps from third party sources (outside the App Store).
Is this a good move for increased competition? Yes.
Is it good news for security? Possibly not.
?? Why you should think twice about creating custom security solutions
Sometimes the sheer scale and sophistication of cyber attacks can make developers think they need to come up with DIY security solutions to deal with them.
But more often than not, this approach is counter-intuitive. There's no sense in reinventing the wheel when robust, thoroughly-tested security solutions already exist.
?? Proactive malware defense from DexProtector
Mobile malware might just be the most pressing threat facing apps today.
Incidents were already on the rise before generative AI arrived and made it easier for malware to spread.?
DexProtector's latest anti-malware functionalities enable your app to react proactively if malware is detected on your end user's device.
??? On our reading list
Here are a few articles that got our attention recently:
We hope you've enjoyed the first edition of Layers here on LinkedIn. If anything here has resonated with you and you want to get in touch, please comment below or contact us at [email protected].
Don't forget to subscribe so you get pinged about the next edition of Layers.
And if you know somebody else who would appreciate Layers, please forward it on to them.
Banker at STANDARD CHARTERED BANK
1 年Thanks.