Inspection

What is it?

Inspection is the stage of the Data Theorem analyzer engine process that follows discovery. Before inspection, assets are grouped and a policy is defined to isolate the highest-priority or project-based checks. During inspection, the engine runs the selected checks against the discovered inventory and assets, and also runs hacks against those same assets. The checks cover compliance and vulnerabilities, and the attacks are run on the application assets to confirm security concerns, with the aim of eliminating data breaches from common hacks.

How does it work?

In some Data Theorem products, such as Mobile Secure, policy is based on existing industry standards. In other tools, such as Web Secure and API Secure, the client is given the opportunity to define priorities as they pertain to the project.

In Mobile Secure, the Data Theorem analyzer engine first checks for compliance as well as app store blockers. The compliance checks align with international and local regulatory standards such as OWASP for Mobile, PCI, traditional OWASP, GDPR, CCPA, HIPAA, MITRE, SOC 2 and more.

The Data Theorem platform enables you to select APIs and assign them a specific security policy composed of the custom checks that you want run on a continuous basis. The custom checks mandated in the security policy are the checks that are important for this group of APIs, enabling you to group Shadow API checks to scan for personal data or APIs within a project or release. Uncover shadow APIs, leaky APIs, and APIs containing sensitive customer data. Furthermore, use Data Theorem’s hack and attack tools in an automated way. Emulate a hacker persona and see if your applications are vulnerable or susceptible to common hacks used by threat actors around the globe.

Securing the Mobile and API Connected Work Space

Data Theorem helped Evernote identify and close 105 security issues and remove 17 harmful third-party libraries, all before releasing them to the public app stores.