名词解释|什么是应用程序强化?

首页 蛮犀资讯 名词解释|什么是应用程序强化?

应用程序强化是一个处理完成的应用程序并使其更能抵抗逆向工程、篡改、侵入性监控和入侵的过程。结合安全编码实践,应用程序强化是公司保护其应用程序 IP 并防止不良用户滥用、欺骗和重新打包的最佳实践。这是任何安全软件开发生命周期过程结束时的关键步骤,可确保应用程序在运行时按设计运行,并阻止网络犯罪分子将应用程序逆向工程回源代码的努力。
通常有两种类型的应用程序加固解决方案:被动加固(一组技术,使应用程序更能抵抗基于静态分析的攻击)和主动加固(一组技术,通过检测调试器等工具的使用和更改来阻止它们应用程序的响应行为)。应用程序加固技术只需要开发人员几分钟即可完成安装。通常,应用程序强化套件包括集成工具以促进应用程序强化。同样,许多应用程序强化包使应用程序开发人员能够通过屏蔽解决方案中包含的软件开发工具包 (SDK) 集成他们的产品。一旦获得保护,应用程序就可以立即通过公共或企业应用程序商店进行分发。
Hardening
Application hardening is a process of taking a finished application and making it more resistant to reverse-engineering, tampering, invasive monitoring, and intrusion. Combined with secure coding practices, application hardening is a best practice for companies to protect their app’s IP and prevent misuse, cheating, and repackaging by bad users. It is a key step at the end of any secure software development life cycle process, which ensures that the app is running as designed at runtime and thwarts cybercriminals’ efforts to reverse engineer the app back to source code.
Generally there are two types of app hardening solutions: passive hardening (a collection of techniques that make the application more resistant to attacks based on static analysis) and active hardening (a collection of techniques that hinder tools like debuggers by detecting their use, and changing the application’s behaviour in response). App hardening technology require only a few minutes for the developers to install. Typically, application hardening kits include integration tools to facilitate application hardening. Similarly, many application hardening packages enable application developers to integrate their products through a Software Developer Kit (SDK) included with the shielding solution. Once secured, the applications are immediately ready for distribution via public or enterprise app stores.