E-SPIN
Sunday, 29 October 2017 / Published in Brand, Codified Security, Product

Codified Security Solution Overview

Codified Security is available Online (cloud hosted), or On Premise, and comes with an API that has all of the product’s functionalities available for integration.

Client side security testing

Codified Security’s custom static analysis engine decompiles each mobile app from its binary file to test the client side code.

Each line of code is tested against our rulesets to find security vulnerabilities and flaws in code at rest.

Issue verification

The traditional problem of static analysis, a high false positive rate, reports issues that either do not exist or pose no threat to a mobile app’s security.

We use issue verification as part of the calibration process to examine the initial test results for false positives. The false positives are marked for future tests and removed from final results.

The next step is to hide third party modules and libraries to show the issues that you need to fix in your proprietary code.

After issue verification a report shows details for each of the vulnerabilities and, on Android and Xamarin apps, shows the file and line of code that contains the issue.

When you upload the next build the platform will help you to focus on new issues or regressions.

Our simple web dashboard

The web platform makes it simple to upload apps, run client side security testing, and view a comprehensive report that shows the vulnerabilities your mobile app contains.

The web platform has app upload options that include app store URLs, APKs & IPAs, and integration with beta-distribution platforms for build testing. Codified Security has support for HockeyApp and Google Play.

Developers

Our reports are optimised for ease of reading and exporting with each report showing you what each vulnerability is, why it is a risk, how to fix it, and, on Android & Xamarin.Android, the exact lines of code that need to be secured.

The web platform has options to manage email notifications, Slack & HipChat integrations, access for team members, and third party libraries.

What we test for

Codified Security uses a range of techniques to protect against the abuse of a mobile app’s business logic and the vulnerabilities that open the door to a data breach.

Our static analysis engine tests hundreds of unique rules against the mobile client side.

These static tests pair with our human led dynamic analysis to look for a core set of problems across the iOS & Android platforms. This includes:

Reports

Codified Security’s reports detail whether the vulnerabilities are Critical, Severe, or a Warning, giving details of what each vulnerability is, why you need to fix it, how to fix it, any compliance rules the app is in breach of, and the exact file and line of code where the problem is located. The reports are available online or exportable in a PDF or Word format.

Integration options

Codified Security plugs into existing development environments and practices that you use to support developers throughout the Software Development Lifecycle.

API

You get to decide where and how to run mobile app security tests with our API. The API has access to all of Codified Security’s features and synchronises with the web platform to give a consistent view of mobile app security for all team members.

CLI

Our CLI binary, self contained and built in Go, makes it simple for developers to add Codified Security to their Continuous Integration setup.

The CLI binary works with any build server configuration including TeamCity, Microsoft Visual Studio Team Services, & Bitrise.

Overwatch

Overwatch is Codified Security’s research unit that combines machine learning with human expertise to mitigate the risk of new mobile app security issues.

A web crawler checks for reports of new mobile vulnerabilities, using a feed from the MITRE Common Vulnerabilities and Exposures (CVE) list and Android Security updates. We use this data to build out new rules that are added to our custom rules engine.

This keeps mobile apps secure against new security issues and works with our security notifications to let you know when your mobile apps are vulnerable.

For companies with distinct compliance concerns our researchers will change rules to reflect compliance needs, whether this is changing the risk level of certain rules or ignoring individual rules according to the particular requirements of a mobile app.

We know each company has different needs and will work with you to accommodate your requirements.

Compliance

Codified Security’s rules engine recognises the Open Web Application Security Project Mobile Top 10 (OWASP), Payment Card Industry Data Security Standard 3.2 (PCI-DSS) and Health Insurance Portability and Accountability Act (HIPAA).

Codified Security gives you a transparent way to understand the compliance of your mobile apps and data privacy risks.

Codified Security helps to fulfil testing obligations and secure mobile apps against the security frameworks of OWASP, PCI-DSS, and HIPAA; however, we do not issue certificates of compliance.

The rules that are applied to each mobile app are customisable according to the risk policies in use at your company. This makes it possible to change the risk level or ignore individual rules according to the particular requirements of a mobile app.

PCI-DSS

For a mobile app to be compliant with PCI-DSS there are a number of requirements that Codified Security covers:

  • Identifying and mitigating vulnerabilities in custom and third-party code (Requirements 6.1, 6.2, 6.3, 6.4, 6.6)
  • Performing code reviews by an independent organisation knowledgeable in secure coding practices (Requirement 6.3.2)
  • Training developers in secure coding techniques (Requirement 6.5)
  • Regularly testing systems and processes (Requirement 11.3)
  • Maintaining an information security policy (Requirement 12)

HIPAA

HIPAA requires health care institutions and holders of health data to ensure the confidentiality, integrity, and availability of all electronic protected health information (PHI) and protect against any reasonably anticipated threats or hazards to the security of such information. In particular, we help address sections §164.308 to §164.31 of the Security Rule including:

  • Risk analysis and management: Assess risks and vulnerabilities in applications that handle PHI
  • Authentication: Verify that session identifiers are not vulnerable to authentication attacks
  • Data security: Ensure that applications have implemented encryption properly for data-in-transit and data-at-rest
  • Malicious code: Protect applications from malicious code and backdoors

OWASP Mobile Top 10

The OWASP Mobile Top 10 polls the security and app development industry for mobile app vulnerability statistics to profile the riskiest vulnerabilities in the mobile threat landscape. The OWASP Mobile Top 10 is the foundation for secure mobile app development; Codified Security covers:

  • M1 Weak Server Side Controls
  • M2 Insecure Data Storage
  • M3 Insufficient Transport Layer Protection
  • M4 Unintended Data Leakage
  • M5 Poor Authorization and Authentication
  • M6 Broken Cryptography
  • M7 Client Side Injection
  • M8 Security Decisions Via Untrusted Inputs
  • M9 Improper Session Handling
  • M10 Lack of Binary Protections

Your privacy and our security

Codified Security uses a number of features to ensure security for our platform and our customers.

We do not require source code. We use the IPA, APK, or compiled DLL (Xamarin) binaries to test the code that will be published to public app stores.

No app binaries are stored on our server; each app package is discarded and erased alongside any artefact that the process generates.

The data on each mobile app’s vulnerabilities is hosted on a secure Google Cloud Platform server in the EU, with the option to provision customers on to specific data regions. We use automated security and monitoring to follow Google’s standards for securing endpoints, as well as going through ad hoc security audits.

Product Overview Video

Kerry Lothrop, a Microsoft Cybersecurity MVP, talking about Codified Security’s product during a talk on Xamarin app security at the 2016 Xamarin Evolve conference (starts at 40:40).

Tagged under: Codified Security, Mobile Application Security