Security software glossary

Vulnerable mobile devices and the prevalence of the Internet of Things (IoT) have created an urgent need for application hardening. By implementing hardening measures, you protect your apps against reverse engineering, tampering, and malware attacks

Read more about application hardening and the different methods of protecting your app. 

Application shielding should be your first line of defence when securing your apps. Key benefits include protection from the inside out, reduced risk of attacks, and real-time adjustments to stop potential attacks.

Learn more about how application shielding works and how it safeguards your application. 

App tampering refers to unauthorized modifications made to an application’s code or operational environment to alter its behavior, bypass security measures, or manipulate its functions. This can include changes to the application's binary, the injection of malicious code, or modifications to its runtime environment.

Learn more about app tampering.

Certificate pinning is a security technique that increases secure communication over the TLS (Transport Layer Security) protocol, like HTTPS. It ties a chosen TLS certificate or public key exclusively to the API server, allowing the application to reliably confirm the server's identity each time it connects. During interactions, the server presents a digital certificate to prove its identity and secures the encryption of data sent through APIs between the client and server. By matching the server’s shown certificate against a predetermined or "pinned" certificate within the app, certificate pinning ensures an additional layer of security, preventing man-in-the-middle (MITM) attacks and ensuring server communication integrity.

Read more about certificate pinning.

Developers use code obfuscation techniques to prevent cybercriminals from decompiling and reverse engineering source code. You will require a more exhaustive app security solution combining code obfuscation techniques with runtime protection to protect your apps completely.

Read more about how code obfuscation protects an app’s source code.

Device cloning is the unauthorized duplication of a mobile device's identity attributes used to create a copy or mimic the original device. In the scope of application security, device cloning allows malicious actors to impersonate the original device's owner, potentially leading to identity theft and fraud.

Learn more about device cloning.

Hooking frameworks let you intercept and modify a mobile application’s behavior at runtime. While commonly used for debugging, testing, and performance monitoring, they also come with significant risks if exploited.

Read more about hooking frameworks and how to mitigate associated risks.

Jailbreaking is the process of exploiting vulnerabilities in a device's software to remove manufacturer-imposed restrictions. This allows the user to gain root access to the operating system, enabling the installation of third-party applications, custom firmware, and other modifications not officially sanctioned by the device manufacturer.

Read more about jailbreaking.

Keylogging, short for "keystroke logging," is a method of covertly capturing and recording keystrokes made on a computer or other input device, like a keyboard. This technique is commonly employed by malicious software, known as keyloggers, to track and monitor user activity without their knowledge or consent. Keylogging can capture sensitive information and other personal data, posing significant security risks to individuals and organizations. While some keyloggers operate locally on a single device, others can transmit logged data remotely to a third party for exploitation or analysis.

Learn more about keylogging.

As applications are progressively connected to the cloud and are available over various networks, they are increasingly vulnerable to security threats and breaches. The evolving cybersecurity landscape requires businesses to protect their apps from the inside out.

Read about mobile app security technologies and best practices.

Rooting refers to gaining root access or administrative privileges on an Android device, like access to commands, system files, and folder locations usually locked off. This allows users to overcome limitations imposed by the device manufacturers or carriers, enabling the modification of system settings, removal of pre-installed apps, and installation of specialized apps that require root access. Rooting can enhance device functionality but also poses significant security risks, as it can expose the device to malware and void warranties.

Read more about rooting.

Security researchers reverse engineer code to map security risks, understand malicious applications and disrupt them. Researchers are not the only ones doing this. Bad actors also want to find flaws and vulnerabilities through reverse engineering. Potential impacts include intellectual property theft, reputational damage, identity theft, and compromised backend systems.

Learn more about reverse engineering techniques and how to protect your mobile apps. 

One way of dealing with cyber threats is to let your apps protect themselves. By using runtime protection, your apps can surround themselves with a shield that identifies and blocks cyberattacks in real-time.

Read more about how runtime application self-protection makes your apps protect themselves. 

Software development kits (SDKs) are toolsets that help developers create apps on platforms like iOS or Android. They provide building blocks, like code libraries and API interfaces to integrate native device functionalities and third-party services.

Read more about what is an SDK, its components and how to secure it.

Every application that processes encrypted information uses cryptographic keys to decrypt and encrypt incoming and outgoing data. Hackers can easily lift unprotected keys through reverse engineering, memory analysis, side-channel attacks, and other techniques. This is where white-box cryptography comes in.

Read more about how white-box cryptography technology embeds secret keys.