Chapter 1: How to secure a mobile application

Securing applications is a nebulous concept. It is usually discussed in terms of the theoretical ideas that come into play, with no clear guideline on what to implement or for what purpose.

To clear up these murky waters, let us simplify the concept. In this security workshop, I will try to cover, or at least touch on, each OWASP security concept with an emphasis on practical application.

Developers can divide applications into four basic categories:

  1. Source code - This is the core of any application. To meet your business requirements you write thousands of lines of code, and everything depends on it. Anyone with access to these source files can see your business logic and how you handle particular cases. There are many ways to encrypt the source code, some more effective than others; time and resources determine which approach is the most effective for you.
  2. Database - The data is what the application is built around: you manipulate it according to your business logic and then present it to your stakeholders. This data is the reason the application exists, and information of this kind must be kept secure.
  3. API transactions - Most native and enterprise applications must communicate with backend servers over the network, so data travels from one endpoint to another and back again. Each hop is an opportunity for data leakage, loss, or theft, so transferring such important information requires security as well.
  4. Assets, local folders, downloaded files - Any application ships with many kinds of static files: an assets folder holding resources and images, and sometimes files downloaded at runtime. If these files are exposed, attackers or penetration testers gain a sense of how to exploit the app.

So far we have divided application development into four major categories, and each category calls for a different type of security and encryption. The subsequent chapters will cover these topics in detail.

