Automated pre-prod scans on daily builds and weekly releases
Automated scans on production App Store/Google Play apps
Automated results publication to bug tracking software (e.g. JIRA)
Access to Secure Code (Objective-C/Swift, Java, C#) for quicker remediation by developers.
Quarterly check-ins with security/developer teams to review bugs and address priority items.
Get setup within minutes for "rinse, repeat, scale", 24/7/365
|Mobile Scans Types||
|Monthly AppSec Metrics|
|Identify 3rd Party Software|
|Open Source Libraries|
|Static Code Analysis|
|Dynamic Run-time Analysis|
|Suspicious Endpoint Analysis|
|Data At-Rest Analysis|
|Auto-Scan each Release|
|Source Code GitHub Repository|
|Direct API Access|
|Request a Quote|
Monthly AppSec Metrics
Full metrics on the security posture of all your apps, delivered every month.
Priority Alerts: Delivered
Urgent notifications are sent immediately if an app is vulnerable to a mobile P1 issue. Priority 1 (P1) issues are critical items that remotely expose customer data to unauthorized parties or items that will negatively impact a customer’s brand.
Identify 3rd Party Software
Enumerate your Open Source Software (OSS) and/or 3rd-party SDKs, embedded libraries, packagers, and plug-ins in the app.
Alerts customers if their apps contain vulnerabilities that are being publicized by major media outlets, such as the WSJ, NYT, CNN, Register, FTC, Customer Reports, etc.
Scan Open Source Libraries
Detects when vulnerable Open Source Software (OSS) has been embedded in the app.
Detect Vulnerable Commercial SDKs
Detects when vulnerable commercial SDKs have been embedded in the app.
Static Code Analysis
Run an analysis of the mobile binary and its source code. The .ipa, .apk, .xap, and/or the .appx file is decompiled/disassembled and scanned for security & privacy issues.
Dynamic Run-time Analysis
Performs a run-time analysis on your apps, including each app screen, user flow, API, and/or app logic.
Suspicious Endpoint Analysis
Determines if the mobile app, or any of its 3rd-party components, is connecting to endpoints, domains, and/or IP addresses known to be malicious.
Data At-Rest Analysis
Scans all data stored on the devices for PII and PHI, including Passwords/PINs, Credit Card Numbers, SSNs, MRNs, DOBs, Addresses, etc.
Pilot the service first by getting full metrics on the security posture of all your apps, delivered every month. Metrics include stats (numbers only) from our Baseline subscription. Sign-Up Today, No Credit Card Required.