Application Security: The Essentials – Insecure Cryptographic Storage

In the past few years there has been an exponential increase in the volume of sensitive and confidential data which is being stored by applications and other software. The reason for this change has been a particular drive towards a need for immediacy and ease of use amongst consumers. In short; people now want to do things even faster and with less effort that before. This means that they are entrusting a larger amount of personal data to automated processes within software and applications.

There is also an increasing number of financial transactions are now being carried out through mobile and computer applications. Although a large number of users pay through a secure gateway such as PayPal, and many major credit card providers now have an additional layer of security which forces users to enter random characters from a pre-determined password; some applications still store payment information as a part of the service which they offer.

It seems obvious to point out the need for proper security and encryption of personal and private data, however it is not necessarily the storage of the data which causes the issue, rather it is the means through which the data is kept by the application – such that it is readily accessible when, for example, the user wishes to make a payment – that can cause more problems.

The information must be securely encrypted, but not so inaccessible that the application is unable to access it smoothly. This is a difficult balancing act which developers much reach in order to deliver a smooth experience without sacrificing the safety of the user’s data.

The important of Insecure Cryptographic Storage can be devastating; this is because access to one set of data can often enable hackers to gain access to further information. This is because personal information can be used to obtain passwords for other applications and services. For example; if the hackers are able to find out a certain amount of key security information (home address, mother’s maiden name etc.) then they may well be able to use this to obtain access to other applications and websites which use this data as a part of the security process.

Thankfully, the occurrence of I.C.S. is small as the vast majority of applications and websites have a strong enough level of encryption in place to prevent any unauthorized access. However, this does not mean that you should be complacent as it can be very difficult to detect insecure cryptographic storage. This is because it usually takes place when data which should have been encrypted, is not.

When the correct encryption is employed, off-site backups are securely stored and the amount of data stored is kept to a minimum you can be assured that you are limiting the chances for hackers to gain unauthorized access to any data. If your data is properly encrypted then any potential hackers will be prevented from having an easy means of stealing it.

Image Credits: © William Iven -