Platform for Experts 
Mobile & Backend Security Testing 
Our Company 
Blog
Contact us
eShard
/
Security in Software
/
Dev Secops

What is DevSecOps?

DevSecOps is a new way of integrating Security within the Development cycle. It’s a challenge since it requires tools and expertise. And you have to compose with an aggressive time to market and the agility to deliver multiple app releases. Security protection is a software feature, you therefore need to avoid regression. For this, an agile process must have your preference. Automation is the right option.
Liste partenaires Devops

Critical issue: the expertise

Hacking is sophisticated and inventive, and, at an accelerating rate, it won’t be slowing down any time soon. The corresponding skill is difficult to find and does not necessarily belong to your core skill set.

eShard’s offering help you fill this gap with:

esChecker, your MAST companion

You simply cannot afford a manual pentesting for each release. esChecker has been designed to be integrated into your development cycle. Combining SAST and DAST technologies, systematic verifications can take place to control that protections are in place and make sure no space is given to misconfiguration or regression.

You set your security campaign corresponding to your security policy. Security verification can now be integrated into your QA process.

Request a free demo

In-depth vulnerability analysis with pentesting

Our highly specialized team may scrutinize your mobile application.

If you choose a whitebox approach: the code will be required. Otherwise, they can also work in a blackbox approach by stressing the mobile app binary, either an Android or iOS.

At the end, you get a proficient vulnerability analysis report with suggestions of remediation. Doing so, you know what an attacker would have been able to do.

Skill your team

It is always better to know what we are doing. And it is even more important when it comes to developing the right security.

Our esCoaching program is ideal to provide your team with training sessions. It is technical and specialized - the best way to embrace a “learn by doing” approach, where your team will see how attackers' tools work. Awareness is one ingredient of success.

See our full catalog

Training tools

Ecosystems move fast, so do the cybersecurity challenges. Your team must remain up-to-date and master the last security threats because your business and your customers are at stake.
Novice
Static Analysis of an Android application
Coach: Tiana Razafindralambo
This module mainly focuses on static analysis of an Android application. It is split in two parts: the first one focuses on the static analysis of the java code, and the second one on the native code. During this module, you will learn how to find entry points from where one can perform further analyses from the Java code to the Native one. Different techniques and tools will be demonstrated so you can practice.
See more details
Advanced
Breaking a White-Box implementation embedded in an Android Application (Hard Level)
Coach: Guillaume Vinet
This practical course targets an Android Application containing a native white-box library protected with device binding mechanisms. You will learn how to defeat these mechanisms to extract the white- box library, and how to execute and attack it to recover the secret key.
Intermediate
Dynamic Analysis of an iOS application
Coach: Tiana Razafindralambo, Yorick Lesecque
In this module, you will get knowledge on dynamic analysis techniques to understand the inner workings of an iOS application. You will see the different steps of analysing an application at runtime from the repackaging process of an application to the use of an instrumentation framework.

Blog Articles

Software Security

iOS Crackme: an efficient way to learn by doing

7 min read
Edit by Lesecque Yorick Sep 30, 2020
CopyRights eShard 2022.
All rights reserved
Privacy policy | Legal Notice
PLATFORM FOR EXPERTS
Side Channel AnalysisLaser & EM Fault InjectionFirmware Security AnalysisSecurity Failure AnalysisVulnerability Research
PROFESSIONAL SERVICES