Security in Integrated Circuit 
Company 
Blog
Contact us
eShard
/
Security in Software
/
Dev Secops

DevSecOps

Reconciling development, security and operations is nothing obvious. It requires inserting security protections into your CI/CD processes. As code features, they need to be validated in an efficient manner to preserve your development cycle and therefore your time to market.
Liste partenaires Devops
MAST Tool

Put yourself in the attacker’s shoes

Qualifying security protections is not easy: it requires being in the conditions of an attack.

How to achieve this?

  • You check manually. This is easy, but there is no confidence and it’s time-consuming
  • You manage code reviews. It has never been a proper debugging method
  • You request a pentest. Certainly a strong technical option. But this is not viable from ops perspective, particularly cost and time
  • You integrate a MAST tool (Mobile Application Security Testing) in your development cycle.
esChecker a MAST Tool

esChecker: a MAST tool for DevSecOps

esChecker is a SaaS product designed to define, launch and audit your security campaigns. Protections can be validated with either SAST or DAST engines.

Security cannot be compromised. Each app release can now come with its set of QA tests to avoid security regressions:

  • Full integration in your CI/CD pipeline with frameworks such as Jenkins, CircleCI, etc
  • Customisation of your security policy following OWASP guidelines
  • Collaboration between your security expert (security campaign definition) and your developers (campaign run)
Learn more about esChecker
Training esCoaching on Security

Train your teams: “Security by Design” mindset

When designing or implementing a mobile application with security protections, your developers will be better if they learn about the risks:

  • Good understanding of what an attacker can do and how
  • Practical, online and individual courses.
  • One of our experts will be coaching you along the training
  • Crack me challenges provide practical content to exploit the different techniques
Audit and Pentesting Mobile App Security

Audit your mobile application: pentesting

Our team of specialists are not only experts. They work with a collaborative approach to make their assessment in a transparent and interactive way.

We know that a security audit can bring a lot to improve your code. This is why we are striving to provide the best expertise level and make sure you end up with valuable and exploitable material.

Our techniques are best in class: combination of static and dynamic analyses, such as hooking for code injection, emulation or deobfuscation.

Our accumulated experience allows us to evaluate complex technologies, such as: Whitebox cryptography, Software hardening, Secure libraries.

Our Solution :
Our Solution esChecker automated testing tools as part of your CI/CD pipeline

Security Qualification before app publication

Once your app is available on the Apple App Store or on the Play Store, it’s too late to consider the Security topics. Anticipate the risks to mitigate them.

Security as part of your CI/CD Pipeline

What if, during the QA phase, you could assess the Quality of your Mobile App Protections? The Defense Score is the perfect way to allow or reject the Go Live.

Automation leads to Efficiency

esChecker offers a set of APIs to automate the quality testing of your protections. MAST Use them anytime you need to control your protection level.

Blog Articles

Software Security

About mobile application security

14 min read
Edit by Thiebeauld Hugues Apr 10, 2019
© eShard 2021. All rights reserved
Privacy policy | Legal Notice
Bâtiment GIENAH
11 avenue de Canteranne
33600 PESSAC
France
7 rue Gaston de Flotte
13012 MARSEILLE
France
#04-01 Paya Lebar Quarter
1 Paya Lebar Link
SINGAPORE 408533
eShard GmbH
Lebacher Str. 4
66113 Saarbrücken
Germany