Tag Archive for: Developers’

DVIDS – News – Cyberspace Developer’s Course Critical to Retention and National Security



FORT GEORGE G. MEADE, Md. – Cyber Soldiers and a Marine graduated from the 11-month Tool Developer Qualification Course (TDQC) in a ceremony hosted by the 780th Military Intelligence Brigade (Cyber) at the Post Theater, July 13.

The United States Army has partnered with the University of Maryland Baltimore County (UMBC) to train Soldiers and Marines to become Cyberspace Capability Developers.

The nation’s demand makes the retention of cyberspace Soldiers more challenging; however, in addition to a unique mission set, programs like 170D, Cyber Capabilities Developer Technician (https://recruiting.army.mil/170d/) warrant officer recruitment; the 780th MI Brigade’s in-house certification of Network+, Security+, Certified Ethical Hacker and CISSP; and education partnership programs like TDQC are essential if the U.S. Army and Marine Corps want to retain the “best and the brightest.”

Army Gen. Paul M. Nakasone, commander, U.S. Cyber Command and director, National Security Agency chief, Central Security Service, told the House Armed Forces Committee in March 2020, “I continue to pursue creative ways to leverage our nation’s best and brightest to want to contribute to our missions.”

According to the 780th MI Brigade S3 (operations) program managers, graduates of the TDQC course are proficient to an intermediate level in creating programs using the C and Python computer programming languages, and the course provides an education path for individuals to become experienced at 90 percent of the identified critical developer requirements that an individual must be able to articulate and demonstrate through practical application in order to be certified as a Cyberspace Capability Developer.

“Its purpose is to educate individuals who have little to no computer programming experience that have been identified through an assessment as having an aptitude and desire to become a computer programmer,” said Sgt. 1st Class Corbin Greeff, a brigade senior Non-Commissioned Officer.

The 2021 TDQC graduating class includes: Spc. William Colley; Spc. Arthur Gould; Staff Sgt….


Mobile app developers potentially expose personal data of 100 million Android users


After examining 23 Android applications, Check Point Research noticed mobile app developers potentially exposed the personal data of over 100 million users through a variety of misconfigurations of third-party cloud services.

Personal data included emails, chat messages, location, passwords and photos, which, in the hands of malicious actors, could lead to fraud, identity theft and service swipes.

CPR discovered publicly available sensitive data from real-time databases in 13 Android applications, with the number of downloads that each app has ranging from 10,000 to 10 million.

It found push notification and cloud storage keys embedded in a number of Android applications themselves. 

Modern cloud-based solutions have become the new standard in the mobile application development world. Services such as cloud-based storage, real-time databases, notification management, analytics, and more are simply a click away from being integrated into applications. Yet, CPR says developers often overlook the security aspect of these services, their configuration, and their content.

CPR recently discovered that in the last few months, many application developers have left their data and millions of users’ private information exposed by not following best practices when configuring and integrating third-party cloud services into their applications. The misconfiguration put users’ personal data and developers’ internal resources, such as access to update mechanisms, storage and more, at risk, it says.

Misconfiguring Real-Time Databases

Real-time databases allow application developers to store data on the cloud, making sure it is synchronised in real-time to every connected client. This service solves one of the most encountered problems in application development, while making sure that the database is supported for all client platforms. 

However, what happens if the developers behind the application do not configure their real-time database with a simple and basic feature like authentication?

“This misconfiguration of real-time databases is not new, and continues to be widely common, affecting millions of users,” CPR says. 

“All CPR researchers had to do was attempt to access…


4 mobile app security threats all developers must face


Mobile application development requires software teams to configure multitudes of communication and component layers in order to function properly. Unfortunately, each layer a developer adds to a mobile app increases the attack surface and opens new intrusion points. As such, development teams that do not properly secure each layer of their mobile apps and services risk compromising business-critical data, user safety and device control.

The important thing to remember is how many of these vulnerabilities reside in the application code itself. Whether an organization has a dedicated security team or not, developers play a crucial role when it comes to protecting these mobile applications — not just in terms of patching them, but implementing strategies that actually monitor and proactively address potential threats.

This article will help developers understand more about their role in mobile security efforts by examining four of the most common — but extremely dangerous — mobile app security threats. We also examine the particular tooling, practices and coding standards that act as the remedies for each one of these threats. 

Code injection

Code injection occurs when an attacker adds malicious code through a GUI, data connection point or other vector that provides access to application code. For example, consider if a login form field does not have any proper input validation, such as value restrictions. This presents an opportunity for a hacker to easily enter any character or even a JavaScript code snippet to compromise user data.

To prevent this, it’s important to stick to the following guidelines:

  • Adhere to strict coding guidelines that help eliminate potential mobile app security threats, such as proper separation between business and technical exceptions.
  • Carefully identify input sources and apply proper input validation techniques, such as specified variable types, standard encoding schemes and targeted penetration testing.
  • Ensure that it is difficult to reverse engineer code by using source code analysis tools like Quick Android Review Kit (QARK).

Client-side storage and data leakage

Mobile apps typically need to access — or transfer — data from…


North Korea attempted to hack into COVID-19 vaccine developers data



By Park Han-sol

A North Korean cyber espionage group has attempted to hack into multiple international organizations including companies working on COVID-19 vaccines with a new fo …
