Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

How Secure Are Your Communication Applications?

DZone's Guide to

How Secure Are Your Communication Applications?

A look at the vulnerabilities that surround contemporary channels of communication, and how developers can work to make them more secure.

· Security Zone ·
Free Resource

Discover how to provide active runtime protection for your web applications from known and unknown vulnerabilities including Remote Code Execution Attacks.

Personally identifiable information (PII) within corporations is worth millions. This data is even more valuable to malicious actors. I've noticed that a majority of corporations rely on consumer apps for communication, cloud storage, and collaboration.

Have you ever considered the messaging apps that people in corporations use? According to some statistics in 2017, the biggest instant messaging apps in the world are WhatsApp and Facebook with 1 billion users, QQ Mobile and WeChat with 800 million users, and Skype with 300 million users. Hangouts, Viber, Line, and BBM follow. Lots of users are on multiple platforms as well. In fact, 7 out of 10 Snapchat users definitely use another mainstream chat app.

Mainstream applications have been compromised more than once - some through affiliation with government surveillance programs and others through the inspection of privacy watchdogs.

One investigation was conducted by the Electronic Frontier Foundation in collaboration with Julia Angwin of ProPublica and Joseph Bonneau of the Princeton Center for Information Technology Policy. They dubbed it a "Campaign for Secure and Usable Crypto," a project which started in late 2014 and has continued every year. The EFF, Angwin, and Bonneau are studying mainstream instant messaging apps and publish their results in an easy to understand scorecard table.

The applications have been analyzed according to the same seven criteria. They are as follows:

  1. Is the message encrypted in transit?
  2. Do the developers hold the encryption keys?
  3. Can a user verify identities?
  4. If your key is stolen, are your chat messages still secure?
  5. Can people research and view the source code?
  6. How well is the encryption method documented?
  7. Has the application gone through a security audit?

What can we take away from all of this research? Obviously, we can see that many of these mainstream messaging apps are unsecure. Additionally, we can see how the study hasn't made these apps much more secure. This proves that such apps aren't fit for handling corporate communications, which is often very sensitive.

Corporations need a robust communication platform for chat, emails, calls, collaboration, and file storage that's encrypted with strong AES-256 with ChaCha20 at a minimum and RSA 4096-bit key cryptography. This ensures that messages are sent through secure channels, free from malicious third parties.

Find out how Waratek’s award-winning application security platform can improve the security of your new and legacy applications and platforms with no false positives, code changes or slowing your application.

Topics:
security ,cybersecurity ,data security ,pii

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}