NowSecure Launches GovAppDB™ and Threat Assessment Service to Support New Federal Mandates for Mobile Security and Privacy

The solution suite enables agencies to quickly access security threat reports, vulnerability information and SBOMs for the commercial mobile app supply chain to support federal tracking and reporting mandates from EO, CISA, OMB and DoD


Security Testing Mobile Apps with viaLab

Presented on August 20, 2013

For many companies, mobile application development is largely unknown territory. Finding the right developers with the correct skills and knowledge to create applications that are both user friendly and secure against the many mobile attack surfaces is difficult, to say the least. Doing that while getting your application to market in a timely manner adds an additional level of difficulty.

In viaForensics’ webinar Security Testing Mobile Apps with viaLab, viaForensics Mobile Services Manager Katie Strzempka discusses many of the mobile attack vectors that organizations and individuals face in today’s workplace.

We will then give a live demo of how to use viaLab, our automated mobile application security testing suite, to efficiently and effectively test your mobile applications for a variety of these security vulnerabilities, enabling you to get to market with your apps faster and more securely than ever before.

Included in the live demonstration:

  • Man-in-the-Middle attack
  • Content provider (CPro) SQL injection attack
  • SSL Strip attack
  • Advanced sensitive data search / discovery

Slides and discussions of particular note:

  • 5:45 – Detailing the main viaLab interface
  • 11:20 – Automated searching including regular expression and hashed value searches
  • 13:00 – Search results, including discovered social security number and password
  • 18:40 – Automated SSL strip (HTTPS downgrade to HTTP)
  • 19:50 – SSL Proxying
  • 21:50 – Advanced forensics analysis using viaLab
  • 26:25 – Memory dump and sensitive data searching
  • 30:55 – Content provider (CPro) SQL injection
  • 31:45 – Advanced assessment options – remote shell and pcap testing
  • 34:00 – Reporting
  • 36:20 – Q&A