Mobile Defense AppAudit

redlemonbalmMobile - Wireless

Dec 10, 2013 (3 years and 10 months ago)

211 views


Mobile Defense Inc.

7055 Engle Rd. Suite 304

Cleveland, OH 44130

+1 650 450 9209

www.mobiledefense.com


AppAudit Product
Overview


Page
1

of
5

© 201
3

Mobile Defense Inc. All rights reserved. Patents pending.

Revised
2/
6
/2013

Mobile Defense is a leading provider of enterprise
-
grade mobile services focusing on
application security, device management, and mobile triage.


Mobile Defense
AppAudit


Scan
Your Mobile
App
lication

in Seconds to Uncover
Hidden
Security

and Privacy
Risks


Organizations of all types and sizes are increasingly dependent on mobile applications
to drive
revenue

with customers and productivity with employees.
T
he
valuable
data
held by mobile applications
make
them targets for attack
.
Evolving

threats require
innovative application risk management in addition to security testing.

AppAudit
helps
you meet

these
challenges
.


The technology behind AppAudit
is

trusted by some of the l
argest companies in the
world.
Our unique technology provides risk intelligence necessary to
gain

a deeper
understanding

of mobile applications.

Companies like Cisco use it for managing risk and
rapidly deploying mobile applications in a secure and complia
nt enterprise.
N
ow

we are

offering that same level of service to
everyone through

AppAudit
. Scan your app
lication

today to identify

security
and privacy risks.



Vulnerabilities and unsafe development practices are automatically flagged.



Mobile Defense Inc.

7055 Engle Rd. Suite 304

Cleveland, OH 44130

+1 650 450 9209

www.mobiledefense.com


AppAudit Product
Overview


Page
2

of
5

© 201
3

Mobile Defense Inc. All rights reserved. Patents pending.

Revised
2/
6
/2013

Proven
Technology


For over
two

years our
threat management
technology has been
deployed in
demanding

corporate
IT environments, meeting the highest security standards
.

Mobile
Defense has won several awards, including Best Security Application for the Android
platform and has been featured in online publications, such as
Tech
Crunch, PC World,
and CNET. Our solutions are safeguarding millions of users
by scanning thousands

of
mobile applications in real time.


Architecture Specific


A
s a

leader in mobile security
,
Mobile Defense
is

sought out by
large enterprises

becaus
e of our deep
understanding
and experience with

Android vulnerabilities
.
Our
system has been designed to
identify

privacy and security risks missed by

other tools
.



Vulnerability Assessment
s


Mobile defense uses
advanced static analysis techniques

to assess intent and
vulnerabilities of an application
.

Vulnerabilities

and security holes
may exist in
applications that are not intentionally malicious, and therefore may go undetected in red
light/green light evaluations.


Easy Integration
w
ith Your
Development Life Cycle


AppAudit easily integrates into your
S
ecure
S
oftware
D
evelopment
L
ife
C
ycle (S
-
SDLC
)
, continuous integration server

or release management process

without
slowing

you

down
. Our service will help you uncover vulnerabilities

early in your
development
cycle,

when they
are
less exp
ensive to fix
.
1







1

McConnell
,
Steve
.

Software Quality at Top Speed
,”
Software Development
,
August 1996
.

http://www.stevemcconnell.com/articles/art04.htm



Mobile Defense Inc.

7055 Engle Rd. Suite 304

Cleveland, OH 44130

+1 650 450 9209

www.mobiledefense.com


AppAudit Product
Overview


Page
3

of
5

© 201
3

Mobile Defense Inc. All rights reserved. Patents pending.

Revised
2/
6
/2013

Source Code

Access

Not Required


AppAudit

uses the compiled binary for analysis. The original source code is not
required.
U
pload your application as you would submit it to any app market and
we will

generate
your

actionable
risk
report
.



Go
-
To
-
Market With Confidence


No training is required. J
ust

upload your Android
application

to get

a

report in seconds.
With binary analysis, your development process will not be inhib
ited while still gaining

an increase in quality, privacy, and security in the overall
Secure
Software Development
Life Cycle (
S
-
SDLC)
.

Our security platform performs scans of
a
pplication
s. It does not
perform app
lication

functionality testing on devices
.


Standard

Service

Level


Our standard service level provides support for detecting common development and

release cycle errors. For example:



Unprotected Services

-

Reveal sensitive information or leak permissions to
applications that interact with them.



Permission Balancing

-

Declared in AndroidManifest.xml but unused in an
application
, violating the principl
e of least privilege
.
Uses a permission that is not
declared in AndroidManifest.xml
.

Undeclared permissions can cause an
application to crash

or silently fai
l
.



Common Developer Mistakes

-

Manifest debuggable
.
Unsecured content
provider: Content providers
allow the application to share information with other
applications on the device. Content providers may allow other applications to
access sensitive information that should not be shared.




Scan 3rd party Libraries

-

List of third party adware and external
libraries used by
an application.

Premium
Service Level


Our premium offering provides in depth analysis using both:



Dynamic Analysis

-

Runtime emulation is used to simulate typical application
usage and determine behaviors that cannot be detected during s
tatic analysis.
Various data
are

collected and evaluated, including logs, network traffic, resource
usage, and file I/O.


Mobile Defense Inc.

7055 Engle Rd. Suite 304

Cleveland, OH 44130

+1 650 450 9209

www.mobiledefense.com


AppAudit Product
Overview


Page
4

of
5

© 201
3

Mobile Defense Inc. All rights reserved. Patents pending.

Revised
2/
6
/2013



Static Analysis

-

An application is disassembled and facts are automatically
generated based on the contents discovered. These static
facts include details
about the state of the applicatio
n during likely execution paths.


We detect
p
oten
tial data leakage, analysis of A
ndroid permissions, and uses of
cryptography, URLs, and other obfuscation techniques.


E
nterprise and Custom Plans

For l
arge deployment Mobile Defense offers services customized to your needs:



Your Organization
, Your Workflow



Support
s

custom workflows and special
rules.




API
Access



Secure
Web

API

to integrate deeply into your
environment
.




Virtual Private Cloud



For
special requirements and security policies.




Virtual Appliance



Lower cost and maintenance free. Updates and replacements
in minutes.




Unlimited Apps and Users



Scan as many mobile apps as you develop and
gr
ant

access to AppAudit to as many users as you
need.



Frequently Asked Questions


What if I want to cancel my service?


You can cancel anytime. The service is pay as you go, month
-
to
-
month. If you decide
AppAudit

is not right for your needs, simply cancel your subscription before the next
billing date.


What is your refund policy?


The AppAudit
s
e
r
v
i
c
e

is billed in advance on a monthly basis. There will be no refunds
or credits for partial months of service, upgrade/downg
rade refunds, or refunds for
months unused with an open account. No exceptions will be made.



Mobile Defense Inc.

7055 Engle Rd. Suite 304

Cleveland, OH 44130

+1 650 450 9209

www.mobiledefense.com


AppAudit Product
Overview


Page
5

of
5

© 201
3

Mobile Defense Inc. All rights reserved. Patents pending.

Revised
2/
6
/2013

Is AppAudit Secure?


The Mobile Defense team leverages a background in mobile banking, implementing the
same best practices and encryption used by the financial
industry. Our datacenter is
SAS70 certified, our payment processor is PCI compliant, and our cloud
-
based server
architecture is designed for high availability.


Where do I go if I need help?


Contact us directly by email at helpdesk@mobiledefense.com or ca
ll 650
-
450
-
9209.


























For More Information


To learn more about AppAudit please email sales@mobiledefense.com or call us at
650
-
450
-
9209.



Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countri
es. A
listin
g of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third
-
party trademarks mentioned are the property of
their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other
company.

Standard

$99/month

1 App
lication

Unprotected Services

Permission Balancing

Common Developer Mistakes

Scans 3rd Party Libraries

Android Only

1 User

Premium

$799/month

Includes all Standard

Features

2
-
10 App
lications

Dynamic Analysis

Data Flow Analysis

CI Integration |
Custom Rules

Android and iOS

5 Users

Enterprise

Call

650
-
450
-
9209

for Pricing

Customized for Your Organization

10+ Apps

API
A
c
c
e
s
s

Virtual Appliance

Virtual Private Cloud

Unlimited Users