Good morning! I write this on the very cold Monday morning that is January 6, 2014. Today, our friends over at Joppar, a mobile apps startup in Silicon Valley, have released a very good cheat sheet for app developers who want to care about the security of their application. In other words, anyone who does not want their own ‘Snapchat Breach Exposes Weak Security’ article from the New York Times.
I may be a little biased though, because Joppar quoted me as a web security expert, saying:
Don’t keep info that you aren’t willing to spend money and time on to protect. Avoid rolling your own authentication, unless security is your forte of course.
My exact quote did not survive the editing process, but it is still worth memorizing.
My larger point about authentication is this: do not roll your own authentication unless that is the point of your business. In our daily work, my Ruby on Rails development team uses Devise and then uses OAuth to support authentication with Google or Facebook. There just is not a reason to roll our own.
Anyway, take a look at the Joppar guide, How to Secure Your Mobile App the Easy Way. It offers some really sound advice and will surely increase your app security sagacity!
The baton is in your hand…
If you have any questions about web application security, the comments are open now!