E-SPIN
Sunday, 29 October 2017 / Published in Brand, Codified Security, Product

Codified Security Solution Overview

Codified Security is available Online (cloud hosted), or On Premise, and comes with an API that has all of the product’s functionalities available for integration.

Client side security testing

Codified Security’s custom static analysis engine decompiles each mobile app from its binary file to test the client side code.

Each line of code is tested against our rulesets to find security vulnerabilities and flaws in code at rest.

Issue verification

The traditional problem with static analysis, a high false positive rate, produces findings that either do not exist or pose no threat to a mobile app's security.

We use issue verification as part of the calibration process to examine the initial test results for false positives. The false positives are marked for future tests and removed from final results.

The next step is to hide third party modules and libraries to show the issues that you need to fix in your proprietary code.

After issue verification a report shows details for each of the vulnerabilities and, on Android and Xamarin apps, shows the file and line of code that contains the issue.

When you upload the next build the platform will help you to focus on new issues or regressions.
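A toy model of the workflow the four paragraphs above describe, as an added example that is not Codified Security's code: scan decompiled lines against a small ruleset, suppress findings already marked as false positives, hide third-party packages, and diff the next build against the last one. The rules, file paths and decompiled Java lines are constructed; the content-based fingerprinting and the new/regression/resolved classification are one possible design, not the product's.

```python
"""Toy model of binary-derived static analysis with calibration and build diffing.
Added example, not Codified Security's code; rules, paths and decompiled lines are
constructed for illustration."""
import hashlib
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    rule_id: str
    pattern: str
    severity: str
    fix: str


# Constructed rules in the spirit of OWASP Mobile Top 10 M2/M3/M6 checks.
RULES = [
    Rule("CS-TLS-001", r'"http://', "Critical",
         "Use https:// and validate the server certificate."),
    Rule("CS-TLS-002", r"ALLOW_ALL_HOSTNAME_VERIFIER", "Critical",
         "Remove the permissive verifier; keep the default hostname check."),
    Rule("CS-CRYPTO-003", r'Cipher\.getInstance\("(DES|RC4|[^"]*/ECB/)', "Severe",
         'Use Cipher.getInstance("AES/GCM/NoPadding") with a fresh random IV.'),
    Rule("CS-STORE-004", r"MODE_WORLD_(READABLE|WRITEABLE)", "Severe",
         "Use Context.MODE_PRIVATE; keep secrets in the Android Keystore."),
]

THIRD_PARTY_PREFIXES = ("com/squareup/", "okhttp3/", "com/google/")

# Constructed: what a decompiler might emit for two successive builds of one app.
BUILD_1 = {
    "com/example/app/Login.java": [
        'URLConnection c = new URL("http://api.example.com/login").openConnection();',
        'Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");',
        'SharedPreferences p = ctx.getSharedPreferences("session", Context.MODE_WORLD_READABLE);',
        'String ns = "http://schemas.android.com/apk/res/android";',  # XML namespace, not a request
    ],
    "com/squareup/okhttp/Internal.java": [
        'Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding");',
    ],
}
BUILD_2 = {
    "com/example/app/Login.java": [
        'URLConnection c = new URL("https://api.example.com/login").openConnection();',
        'Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");',
        'SharedPreferences p = ctx.getSharedPreferences("session", Context.MODE_PRIVATE);',
        'String ns = "http://schemas.android.com/apk/res/android";',
        'conn.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);',
    ],
    "com/squareup/okhttp/Internal.java": BUILD_1["com/squareup/okhttp/Internal.java"],
}


@dataclass(frozen=True)
class Finding:
    rule_id: str
    file: str
    line_no: int
    severity: str
    fingerprint: str  # stable across builds: rule + file + normalised line text


def scan(build: dict[str, list[str]]) -> list[Finding]:
    """Test every decompiled line against every rule; one Finding per match."""
    findings = []
    for path, lines in build.items():
        for n, text in enumerate(lines, start=1):
            for rule in RULES:
                if re.search(rule.pattern, text):
                    # Line numbers shift between builds, so key the fingerprint on
                    # the line's content rather than its position.
                    key = f"{rule.rule_id}|{path}|{' '.join(text.split())}"
                    fp = hashlib.sha256(key.encode()).hexdigest()[:16]
                    findings.append(Finding(rule.rule_id, path, n, rule.severity, fp))
    return findings


def calibrate(findings, false_positives: set[str], hide_third_party: bool = True):
    """Drop findings already marked as false positives and, optionally, those in
    packages the customer does not own and cannot patch directly."""
    return [
        f for f in findings
        if f.fingerprint not in false_positives
        and not (hide_third_party and f.file.startswith(THIRD_PARTY_PREFIXES))
    ]


def diff_builds(previous, current, ever_resolved: set[str]):
    """Classify the current build's findings against the previous build.
    A regression is an issue resolved in an earlier build that has come back."""
    prev_fps = {f.fingerprint for f in previous}
    cur_fps = {f.fingerprint for f in current}
    new = [f for f in current if f.fingerprint not in prev_fps]
    return {
        "new": [f for f in new if f.fingerprint not in ever_resolved],
        "regressions": [f for f in new if f.fingerprint in ever_resolved],
        "resolved": sorted(prev_fps - cur_fps),
        "unchanged": sorted(prev_fps & cur_fps),
    }


def run_pipeline():
    raw = scan(BUILD_1)
    # During verification the analyst marks the XML-namespace hit as a false positive.
    fps = {f.fingerprint for f in raw if f.rule_id == "CS-TLS-001" and f.line_no == 4}
    first = calibrate(raw, fps)
    second = calibrate(scan(BUILD_2), fps)
    return first, second, diff_builds(first, second, ever_resolved=set())


if __name__ == "__main__":
    first, second, delta = run_pipeline()
    for label, items in delta.items():
        print(label, [getattr(i, "rule_id", i) for i in items])
```

The false-positive mark survives because the fingerprint is derived from rule, file and line text rather than line number; the same property is what lets a previously resolved finding be recognised as a regression when it reappears further down a file in a later build.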

Our simple web dashboard

The web platform makes it simple to upload apps, run client side security testing, and view a comprehensive report that shows the vulnerabilities your mobile app contains.

The web platform has app upload options that include app store URLs, APKs & IPAs, and integration with beta-distribution platforms for build testing. Codified Security has support for HockeyApp and Google Play.

Developers

Our reports are optimised for ease of reading and exporting with each report showing you what each vulnerability is, why it is a risk, how to fix it, and, on Android & Xamarin.Android, the exact lines of code that need to be secured.

The web platform has options to manage email notifications, Slack & HipChat integrations, team member access and third party libraries.

What we test for

Codified Security uses a range of techniques to protect against the abuse of a mobile app’s business logic and the vulnerabilities that open the door to a data breach.

Our static analysis engine tests hundreds of unique rules against the mobile client side.

These static tests pair with our human-led dynamic analysis to look for a core set of problems across the iOS & Android platforms; this includes:

Reports

Codified Security’s reports detail whether the vulnerabilities are Critical, Severe, or a Warning, giving details of what each vulnerability is, why you need to fix it, how to fix it, any compliance rules the app is in breach of, and the exact file and line of code where the problem is located. The reports are available online or exportable in a PDF or Word format.

Integration options

Codified Security plugs into existing development environments and practices that you use to support developers throughout the Software Development Lifecycle.

API

You get to decide where and how to run mobile app security tests with our API. The API has access to all of Codified Security’s features and synchronises with the web platform to give a consistent view of mobile app security for all team members.

CLI

Our CLI binary, self-contained and built in Go, makes it simple for developers to add Codified Security to their Continuous Integration setup.

The CLI binary works with any build server configuration including TeamCity, Microsoft Visual Studio Team Services, & Bitrise.

Overwatch

Overwatch is Codified Security’s research unit that combines machine learning with human expertise to mitigate the risk of new mobile app security issues.

A web crawler checks for reports of new mobile vulnerabilities, using a feed from the MITRE Common Vulnerabilities and Exposures (CVE) list and Android security updates. We use this data to build out new rules that are added to our custom rules engine.

This keeps mobile apps secure against new security issues and works with our security notifications to let you know when your mobile apps are vulnerable.

For companies with distinct compliance concerns our researchers will change rules to reflect compliance needs, whether this is changing the risk level of certain rules or ignoring individual rules according to the particular requirements of a mobile app.

We know each company has different needs and will work with you to accommodate your requirements.

Compliance

Codified Security’s rules engine recognises the OWASP (Open Web Application Security Project) Mobile Top 10, the Payment Card Industry Data Security Standard (PCI DSS) 3.2 and the Health Insurance Portability and Accountability Act (HIPAA).

Codified Security gives you a transparent way to understand the compliance of your mobile apps and data privacy risks.

Codified Security helps to fulfil testing obligations and secure mobile apps against the security frameworks of OWASP, PCI-DSS, and HIPAA; however, we do not issue certificates of compliance.

The rules that are applied to each mobile app are customisable according to the risk policies in use at your company. This makes it possible to change the risk level or ignore individual rules according to the particular requirements of a mobile app.

PCI-DSS

For a mobile app to be compliant with PCI-DSS there are a number of requirements that Codified Security covers:

  • Identifying and mitigating vulnerabilities in custom and third-party code (Requirements 6.1, 6.2, 6.3, 6.4, 6.6)
  • Performing code reviews by an independent organisation knowledgeable in secure coding practices (Requirement 6.3.2)
  • Training developers in secure coding techniques (Requirement 6.5)
  • Regularly testing systems and processes (Requirement 11.3)
  • Maintaining an information security policy (Requirement 12)

HIPAA

HIPAA requires health care institutions and holders of health data to ensure the confidentiality, integrity, and availability of all electronic protected health information (ePHI) and to protect against any reasonably anticipated threats or hazards to the security of such information. In particular, we help address sections §164.308 to §164.31 of the Security Rule including:

  • Risk analysis and management: Assess risks and vulnerabilities in applications that handle PHI
  • Authentication: Verify that session identifiers are not vulnerable to authentication attacks
  • Data security: Ensure that applications have implemented encryption properly for data-in-transit and data-at-rest
  • Malicious code: Protect applications from malicious code and backdoors

OWASP Mobile Top 10

The OWASP Mobile Top 10 polls the security and app development industry for mobile app vulnerability statistics to profile the riskiest vulnerabilities in the mobile threat landscape. The OWASP Mobile Top 10 is the foundation for secure mobile app development; Codified Security covers the 2014 list:

  • M1 Weak Server Side Controls
  • M2 Insecure Data Storage
  • M3 Insufficient Transport Layer Protection
  • M4 Unintended Data Leakage
  • M5 Poor Authorization and Authentication
  • M6 Broken Cryptography
  • M7 Client Side Injection
  • M8 Security Decisions Via Untrusted Inputs
  • M9 Improper Session Handling
  • M10 Lack of Binary Protections

Your privacy and our security

Codified Security uses a number of features to ensure security for our platform and our customers.

We do not require source code. We use the IPA, APK, or compiled DLL (Xamarin) binaries to test the code that will be published to public app stores.

No app binaries are stored on our servers; each app package is discarded and erased alongside any artefact that the process generates.

The data on each mobile app’s vulnerabilities is hosted on Google Cloud Platform in the EU, with the option to provision customers on to specific data regions. We use automated security controls and monitoring that follow Google’s standards for securing endpoints, and undergo ad hoc security audits.

Product Overview Video

Kerry Lothrop, a Microsoft Cybersecurity MVP, talking about Codified Security’s product during a talk on Xamarin app security at the 2016 Xamarin Evolve conference (starts at 40:40).

Tagged under: Codified Security, Mobile Application Security
