NOWSECURE PLATFORM UPDATE DELIVERS GROUNDBREAKING PRODUCTIVITY, PERFORMANCE, COVERAGE AND COST SAVINGS FOR MOBILE APPLICATION SECURITY

Latest version automates policy-driven security testing and dramatically expands mobile security assessment coverage for faster, higher-quality mobile app software delivery at lower cost.

NOWSECURE PLATFORM UPDATE DELIVERS GROUNDBREAKING PRODUCTIVITY, PERFORMANCE, COVERAGE AND COST SAVINGS FOR MOBILE APPLICATION SECURITY NOWSECURE PLATFORM UPDATE DELIVERS GROUNDBREAKING PRODUCTIVITY, PERFORMANCE, COVERAGE AND COST SAVINGS FOR MOBILE APPLICATION SECURITY Show More
magnifying glass icon

Security Testing Mobile Apps with viaLab

Presented on August 20, 2013

For many companies mobile application development is a general unknown. Finding the right developers with the correct skills and knowledge to create applications that are both user friendly and secure against the many mobile attack surfaces is difficult to say the least. Doing that while getting your application to market in a timely manner adds an additional level of difficulty.

In viaForensics’ webinar Security Testing Mobile Apps with viaLab, viaForensics Mobile Services Manager Katie Strzempka discusses many of the mobile attack vectors that organizationes and individuals face in today’s workplace.

We will then live demo how to use viaLab, our automated mobile application security testing suite, to efficiently and effectively test your mobile applications for a variety of these security vulnerabilities, enabling you to get to market with your apps faster and more securely than ever before.

Included in the live demonstration:

  • Man-in-the-Middle attack
  • SQL CPro Injection attack
  • SSL Strip attack
  • Advanced sensitive data search / discovery

Slides and discussions of particular note:

  • 5:45 – Detailing the main viaLab interface
  • 11:20 – Automated searching including regular expression and hashed value searches
  • 13:00 – Search results, including discovered social security number and password
  • 18:40 – Automated SSL strip (HTTPS downgrade to HTTP)
  • 19:50 – SSL Proxying
  • 21:50 – Advanced forensics analysis using viaLab
  • 26:25 – Memory dump and sensitive data searching
  • 30:55 – Content provider (CPro) SQL injection
  • 31:45 – Advanced assessment options – remote shell and pcap testing
  • 34:00 – Reporting
  • 36:20 – Q&A