High-Tech Bridge Launches Free Service for Testing Mobile Apps

Web security company High-Tech Bridge announced on Thursday the launch of a free online service that allows mobile application developers to test their iOS and Android apps.
Mobile X-Ray can test native and hybrid applications, including security and privacy aspects, using dynamic application security testing (DAST), static application security testing (SAST), data encryption testing for communications with APIs and web services, and behavioral analysis.
The service looks for the most common types of vulnerabilities, including ones covered by the OWASP Mobile Top Ten, and provides a user-friendly report that includes remediation guidance. The test results include examples of both insecure and secure code.
In the case of Android apps, developers can upload the APK to Mobile X-Ray, but iOS apps can only be tested if they are compiled as a Simulator app in Xcode.
A test scan conducted by SecurityWeek for the latest beta version of WhatsApp for Android revealed five high severity issues, including hard-coded encryption keys, the use of a weak initialization vector, the use of an intent filter, and the existence of a clear text database. While not all these weaknesses may be exploitable, the test informs developers of the potential issues they need to look into.
The assessment can take less than a minute, but it can also take up to a couple of hours, depending on application complexity and overall system workload.
“Mobile applications have become an inseparable part of everyday business and private life. In light of skyrocketing data breaches, many different research reports urge the enhancement of mobile application security and privacy,” said Ilia Kolochenko, CEO and founder of High-Tech Bridge. “Unfortunately, most developers just don’t have enough resources, time or budget to properly test their mobile app before going to production. At High-Tech Bridge, we are excited to fulfil this gap and offer a unique online service for the benefit of the cybersecurity community and independent developers.”
我们不能阻止数据流向云计算,也难阻挡员工私人计算终端用于工作,所以要让用户保障组织的安全确实是个很大的挑战。
While the Mobile X-Ray tool can be highly useful for application developers, many critical vulnerabilities exist in backend systems, for which High-Tech Bridge recommends its ImmuniWeb Mobile product.
安卓手机惊现木马 手机病毒前十排行榜

Data obtained by the security firm via its ImmuniWeb Mobile product shows that 88% of APIs and web services in the backend are affected by vulnerabilities that allow access to sensitive data, and 69% of APIs and web services do not include mechanisms for mitigating common web attacks.
Nearly all the Android applications tested by High-Tech Bridge had at least one vulnerability covered by the OWASP Mobile Top Ten, and more than 78% of them had at least one high and two medium risk flaws.
In the case of iOS apps, 85% were found to have at least one of the top OWASP vulnerabilities, and roughly 69% had at least one high and two medium risk security holes.
Related: Enterprise Mobile Apps Expose Sensitive Data via Backend Systems
Related: Vulnerabilities Found in Many Mobile Stock Trading Apps
公司应该对信息系统安全事件进行等级划分和事件分类,制定安全事件报告、响应处理程序等应急预案,并定期进行演练,评审和修订。

猜您喜欢

2017杭州云栖大会 智能灾备成亮点
ISO-IEC27001通用信息安全意识培训
Cyber Security Law 网络安全法宣传视频《网络安全法》背景知识
多方合力 打造“厦门服务”品牌
FOURWINDSINTERACTIVE HARRIERPILOT
网络安全公益短片社交网络安全基础