Page 64 - Cyber Warnings August 2017

For example, one challenge involves forcing an Internet connection; if you are
developing an application that needs to work offline then this is not feasible.
Performance is another consideration. Server calls take time. Whilst this might not be
an issue for simple apps, for high-performance apps, such as games, excessive latency
ruins the user experience.

You could decide to just encrypt your JavaScript code. Whilst this sounds like a great
solution at first glance, it doesn’t quite work that way. Files can be encrypted, but then
they are of no use to the browser: they first need to be decrypted to make them
readable to the browser, which takes you back to square one.

Historically, organisations have tended to rely heavily on endpoint security solutions that
protect the client-side. However, solutions such as antivirus have a low success rate,
maybe as low as 40%. Because an application encompasses both the server and the
client side, and because the client-side solution doesn’t necessarily have to be endpoint
security, we see why every client app has its own cloaking system and defence.

When companies focus solely on the threats via servers, they end up paying little
attention to the hidden dangers of hacks through the client-side. Our experience of
speaking with IT teams is that generally they are unaware of the risks they face if the
client-side isn’t protected properly. Our solution is designed to detect tampering with the
application on the client-side. The knock-on effect is that the development and security
teams are made aware and can therefore plan to ensure that the attack is thwarted. If
you assume that execution takes place in an unsafe environment, then every measure
possible is taken to allow the app to execute safely.

These days, more portions of an app's logic are transferred from server-side to
client-side, a result of the spread of HTML5 and JavaScript. This is driving developers to be
much more security-conscious and to focus on protecting applications in a
comprehensive manner. Adding an additional layer of security allows an application to
become self-defensive – in this way it is able to detect any kind of tampering and make
the code derail the execution of the program. If you require real-time notifications, you
can use settings to warn you if your application is being tampered with or is being
used in an environment or on a date other than those you specified.
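
The tamper, environment and date checks described above, sketched as an added example (not code from the article or from any vendor's product). The function names, the policy fields and the use of an FNV-1a checksum are assumptions made for illustration; the sample function and hostname are constructed.

```javascript
// Added illustration; every name here is hypothetical.
// FNV-1a (32-bit): a non-cryptographic checksum, enough to notice edited source text.
function fnv1a(text) {
  let h = 0x811c9dc5;
  for (let i = 0; i < text.length; i++) {
    h ^= text.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Returns the list of violated rules; an empty list means all checks passed.
function checkIntegrity(fn, policy, env) {
  const violations = [];
  if (fnv1a(fn.toString()) !== policy.expectedChecksum) violations.push("tampered");
  if (!policy.allowedHosts.includes(env.hostname)) violations.push("environment");
  const now = env.now.getTime();
  if (now < policy.notBefore.getTime() || now > policy.notAfter.getTime()) {
    violations.push("date");
  }
  return violations;
}

// Wraps fn so every call re-checks, reports violations, and refuses to run on failure.
function guard(fn, policy, getEnv, report) {
  return function (...args) {
    const violations = checkIntegrity(fn, policy, getEnv());
    if (violations.length > 0) {
      report(violations); // e.g. send a notification to the security team
      throw new Error("integrity check failed: " + violations.join(","));
    }
    return fn.apply(this, args);
  };
}

// Constructed sample: the protected function and the policy shipped with it.
function computePrice(qty) { return qty * 5; }
const policy = {
  expectedChecksum: fnv1a(computePrice.toString()), // would be fixed at build time
  allowedHosts: ["shop.example.com"],
  notBefore: new Date("2017-01-01T00:00:00Z"),
  notAfter: new Date("2017-12-31T23:59:59Z"),
};
```

A check that ships beside the code it protects can itself be edited, which is why the report callback matters: the notification is what lets the development and security teams react.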

We cannot escape the fact that JavaScript is the de facto language of the Web. As
more and more important information, logic and assets are incorporated on the
client-side, we see the perimeters of the battlefield increase.





Cyber Warnings E-Magazine – August 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide.