Upload
others
View
5
Download
0
Embed Size (px)
Citation preview
AUTOMATED MOBILE APPLICATION SECURITY TESTING
Android & iOS
Analyzing any apps Supporting app development
Improving safety, time & cost efficiency
Securing your mobile environment
Protecting your corporate data
WHO WE AREIntroduction
We found Security Issues in
Source: https://cnet.co/2Bx97Sf
Malware functions Data leakage
Bad coding practices Vulnerabilities
User profiling, trackers Privacy breach
BEHINDTHE PROBLEM
Introduction
MANUAL SCAN
Slow and expensive
Prone to human error
Problems with existing solutions
You don’t have the code
3rd party/embedded librarie
Problems with existing solutions
ANALYSISSOURCE CODE
Too many false positives and non-public apps
Internal apps, latest apps are not scanned
Not enough information
REPUTATION FEED
Problems with existing solutions
MOBILE APP
A fully automated mobile security analysis tool
designed to find security issues,privacy breaches and potential data leaks in smart device applications.
WHAT IS APP-RAY?Introduction
FAST
EFFICIENT COMPREHENSIVE
Fully automated scans
No manual interaction is required
Comprehensive reports
Executive overview
Highlighting all issues found
API for integration
Automatic and batch mode processing
Android & iOS apps supported*
FEATURESOur solution
Dynamic, behavior-based analysis
Static code analysis
Multiple different analysis techniques
Coding problems (e.g. SQL injections, using deprecated APIs)
Encryption related issues (SSL/TLS problems)
Capability & data leaks
Anti-debugging techniques
Unmodified & instrumented testing in emulator
Network communication
File access
Disassembling & Analyzing apps
Code decompile (SMALI)
Obfuscated apps can also be scanned
Drilling down into detected issues
Code decompile (SMALI)
Obfuscated apps can also be scanned
Manual Upload
Devices
App Stores
Meta Data Analysis
Instrumentation
Hybrid Analysis
Static AnalysisPlain Dynamic Analysis
Evaluation
Reporting
APP-RAY OPERATIONOur process
What about external apps and
BYOD?
Do they leak company assets or
track users?
Are the apps used in my organization
secure?
How do I comply with regulations and
security standards?
Are there security problems or backdoors
in my apps?
SECURITY TESTING?Why do we need Application
Run in your own environment
Integrate easily with your internal in-house system
DEPLOYMENT
Multiple deployment options
ON-PREMISES
No installation / maintenance needed
Dedicated environment in App-Ray Cloud
No installation / maintenance needed
No installation / maintenance needed
DEPLOYMENT
Multiple deployment options
HOSTED / CLOUD
Operations
DevOps
Integrated Deploy & Test
Automated Provisioning
Automated Build & Deploy
Automated Testing
Image Management
Patch Management
Auto Env Deploy
Start / Stop Scripts
Rolling Upgrades
Security Config
Quality Assurance (QA)
Test Scripts
Test Deploy
Load / Soak Scripts
Data Provisioning
Baseline / Benchmark
Testing Reports
Development
SCM / Version
Build Scripts
Dependancy Map
Component Deploy
System Deploy
Automation: It’s all code● Save it● Version it● Measure it● Evolve it
IntegrationsJenkins
JIRA
Slack
DEVOPSSSECThe process
SUMMARYWhy App-Ray
Continuous protection
Time & Cost saving
Protect Data & Privacy
ScalabilityReduce risk
Mission statement
We scan smart device apps to show you what threatens your data, your privacy and your company's future.
Edge-of-technology solutions
We work in strong cooperation with the proven research institute Fraunhofer to provide edge-of-technology solutions.
Corporate details
● HQ located in Vienna, Austria
● Founded by cyber-security experts
● Research started in 2013
● Company founded in 2015, serving customers now
You are in a good company
TECH PARTNERSTRUSTING US &
GET IN TOUCHAre you interested?
Zsolt Nemeth
www.app-ray.co
EU | +43 1 276 2373
US | +1 628 228 7843Founder & CEO