DevSecOps
Put yourself in the attacker’s shoes
Qualifying security protections is not easy: it requires being in the conditions of an attack.
How to achieve this?
- You check manually. This is easy, but there is no confidence and it’s time-consuming
- You manage code reviews. It has never been a proper debugging method
- You request a pentest. Certainly a strong technical option. But this is not viable from ops perspective, particularly cost and time
- You integrate a MAST tool (Mobile Application Security Testing) in your development cycle.
esChecker: a MAST tool for DevSecOps
esChecker is a SaaS product designed to define, launch and audit your security campaigns. Protections can be validated with either SAST or DAST engines.
Security cannot be compromised. Each app release can now come with its set of QA tests to avoid security regressions:
- Full integration in your CI/CD pipeline with frameworks such as Jenkins, CircleCI, etc
- Customisation of your security policy following OWASP guidelines
- Collaboration between your security expert (security campaign definition) and your developers (campaign run)
Train your teams: “Security by Design” mindset
When designing or implementing a mobile application with security protections, your developers will be better if they learn about the risks:
- Good understanding of what an attacker can do and how
- Practical, online and individual courses.
- One of our experts will be coaching you along the training
- Crack me challenges provide practical content to exploit the different techniques
Audit your mobile application: pentesting
Our team of specialists are not only experts. They work with a collaborative approach to make their assessment in a transparent and interactive way.
We know that a security audit can bring a lot to improve your code. This is why we are striving to provide the best expertise level and make sure you end up with valuable and exploitable material.
Our techniques are best in class: combination of static and dynamic analyses, such as hooking for code injection, emulation or deobfuscation.
Our accumulated experience allows us to evaluate complex technologies, such as: Whitebox cryptography, Software hardening, Secure libraries.
Our Solution :
Our Solution esChecker automated testing tools as part of your CI/CD pipeline
Once your app is available on the Apple App Store or on the Play Store, it’s too late to consider the Security topics. Anticipate the risks to mitigate them.
What if, during the QA phase, you could assess the Quality of your Mobile App Protections? The Defense Score is the perfect way to allow or reject the Go Live.
esChecker offers a set of APIs to automate the quality testing of your protections. MAST Use them anytime you need to control your protection level.
