Application security: How to make hacker proof apps with Java?
Android is still in development phase and lots of things have to be put in place, says Java evangelist Dr Kumar
Java is undoubtedly a ‘hot’ language with developers today focused on developing mobile applications. With Android phones poised to become the largest-selling smartphones soon, the platform has brought immense opportunities and also some security concerns for developers.
Java evangelist Dr. B. V. Kumar tells CIOL in an interview that just using Java doesn't make applications safe. There are other security practices that developers need to follow to make applications safe on the Android platform. Excerpts:
Q: What makes Java a favorite language to write applications?
Dr Kumar: Programs written in Java can be written once and run anywhere. In the case of the C programming language, one has to write different code for different platforms, which was a nightmare for developers.
But just using Java does not make an application hacker-proof. The application developers have to ensure that their applications do not have any loopholes.
Java has all the ingredients and libraries (for example, cryptography, logging). Java is free and open source and, with minimum configuration and a security SDLC in place, one can develop secure applications.
CIOL: Why do you think Android phones are most targeted by hackers?
Dr Kumar: Android is still in the development phase. Lots of things have to be put in place. I hope the issues will be addressed with the launch of Google’s Android 3.0 operating system.
CIOL: What are the security essentials a developer has to keep in mind while developing an application?
Dr Kumar: When you are developing any application, it has to be articulated to include security aspects: basic things like authentication, data caring, things like encryption and security coding practice. Further, any application should undergo a test for security.
CIOL: Which are the most common varieties of attacks seen on mobile applications?
Dr Kumar: Most common exploits are XSS scripting. The JavaScript value that can be exploited. SQL injection and architecture bypass. Most of the attacks can be categorized into these three categories.