application security testing automated mobile · analyzing any apps supporting app ... securing...

AUTOMATED MOBILE APPLICATION SECURITY TESTING

Android & iOS

Analyzing any apps Supporting app development

Improving safety, time & cost efficiency

Securing your mobile environment

Protecting your corporate data

WHO WE AREIntroduction

We found Security Issues in

Source: https://cnet.co/2Bx97Sf

Malware functions Data leakage

Bad coding practices Vulnerabilities

User profiling, trackers Privacy breach

BEHINDTHE PROBLEM

Introduction

MANUAL SCAN

Slow and expensive

Prone to human error

Problems with existing solutions

You don’t have the code

3rd party/embedded librarie

Problems with existing solutions

ANALYSISSOURCE CODE

Too many false positives and non-public apps

Internal apps, latest apps are not scanned

Not enough information

REPUTATION FEED

Problems with existing solutions

MOBILE APP

A fully automated mobile security analysis tool

designed to find security issues,privacy breaches and potential data leaks in smart device applications.

WHAT IS APP-RAY?Introduction

FAST

EFFICIENT COMPREHENSIVE

Fully automated scans

No manual interaction is required

Comprehensive reports

Executive overview

Highlighting all issues found

API for integration

Automatic and batch mode processing

Android & iOS apps supported*

FEATURESOur solution

Dynamic, behavior-based analysis

Static code analysis

Multiple different analysis techniques

Coding problems (e.g. SQL injections, using deprecated APIs)

Encryption related issues (SSL/TLS problems)

Capability & data leaks

Anti-debugging techniques

Unmodified & instrumented testing in emulator

Network communication

File access

Disassembling & Analyzing apps

Code decompile (SMALI)

Obfuscated apps can also be scanned

Drilling down into detected issues

Code decompile (SMALI)

Obfuscated apps can also be scanned

Manual Upload

Devices

App Stores

Meta Data Analysis

Instrumentation

Hybrid Analysis

Static AnalysisPlain Dynamic Analysis

Evaluation

Reporting

APP-RAY OPERATIONOur process

What about external apps and

BYOD?

Do they leak company assets or

track users?

Are the apps used in my organization

secure?

How do I comply with regulations and

security standards?

Are there security problems or backdoors

in my apps?

SECURITY TESTING?Why do we need Application

Run in your own environment

Integrate easily with your internal in-house system

DEPLOYMENT

Multiple deployment options

ON-PREMISES

No installation / maintenance needed

Dedicated environment in App-Ray Cloud

No installation / maintenance needed

No installation / maintenance needed

DEPLOYMENT

Multiple deployment options

HOSTED / CLOUD

Operations

DevOps

Integrated Deploy & Test

Automated Provisioning

Automated Build & Deploy

Automated Testing

Image Management

Patch Management

Auto Env Deploy

Start / Stop Scripts

Rolling Upgrades

Security Config

Quality Assurance (QA)

Test Scripts

Test Deploy

Load / Soak Scripts

Data Provisioning

Baseline / Benchmark

Testing Reports

Development

SCM / Version

Build Scripts

Dependancy Map

Component Deploy

System Deploy

Automation: It’s all code● Save it● Version it● Measure it● Evolve it

IntegrationsJenkins

JIRA

Slack

DEVOPSSSECThe process

SUMMARYWhy App-Ray

Continuous protection

Time & Cost saving

Protect Data & Privacy

ScalabilityReduce risk

Mission statement

We scan smart device apps to show you what threatens your data, your privacy and your company's future.

Edge-of-technology solutions

We work in strong cooperation with the proven research institute Fraunhofer to provide edge-of-technology solutions.

Corporate details

● HQ located in Vienna, Austria

● Founded by cyber-security experts

● Research started in 2013

● Company founded in 2015, serving customers now

You are in a good company

TECH PARTNERSTRUSTING US &

GET IN TOUCHAre you interested?

Zsolt Nemeth

zn@app-ray.co

www.app-ray.co

EU | +43 1 276 2373

US | +1 628 228 7843Founder & CEO