SOLUTIONS
> Side Channel Analysis
Ready-to-use side channel tools to assess cryptography algorithms.
> Fault Injection: Laser, EM & Glitching
Make sure your chip withstands different techniques of physical fault injections.
> Firmware Security Analysis
Qualify embedded code binaries without physical devices and benches.
> Security Failure Analysis
Photoemission analysis to explore internal information in a chip.
> Vulnerability Research
Dynamic analyses at a system level for investigating potential vulnerabilities.
> esDynamic for EDU SCA and FI
A learning center for academics to teach and perform side-channel analysis and fault injection
TECHNOLOGIES
> Data Science Platform
esDynamic is a complete data focused platform to leverage the know-how of your team for complex analyses.
> esFirmware Engine
Assess the security of the firmware of IoT devices against logical and physical attacks.
> esReven Engine
Record and replay vulnerability researches within reverse engineering processes and tools.
PROFESSIONAL SERVICES
> Cybersecurity Training
Grow your expertise with training modules driven by a coach.
> Hardware Evaluation Lab
High-end laboratory capabilities specialized in hardware security evaluations.
EXPERTISE
> Mobile App Security
Know the threats and risks of your Mobile App.
> DevSecOps
Integrate the security protections verification in your CI/CD pipeline.
> PCI MPoC
Prepare your product to meet this new mobile payment standard.
SOLUTIONS
> Mobile App Security Testing (MAST)
esChecker SaaS: automating the security testing of your mobile app binary.
PROFESSIONAL SERVICES
> Mobile App Penetration Testing
Testing the resiliency of your Mobile App, SDK or RASP tool.
> Backend Penetration Testing
Testing the resiliency of your Web App, API or Backend Systems.
> Coaching for Mobile App Developers
Providing insights into the mobile app threats and how attackers work by a learning-by-doing approach.
Go to our German website
OUR COMPANY
> Events
CAREERS
> Meet our experts
> Open positions
Join our team!
FOLLOW US
Twitter
Linkedin
Youtube
Github
Gitlab
esChecker Mobile Application Security Testing (MAST)
What is Mobile Application Security Testing (MAST) ?
Mobile Application Security Testing (MAST) tools scan (SAST) and run (DAST, IAST) mobile applications for testing the effectiveness of their protections against hacking. Like any other IT system component, mobile apps must be designed, developed, and maintained with security in mind. They are the entry point to the system and require special attention.
Compared to pentesting, a MAST tool enables a shorter, quicker, and more efficient security testing process to better control the application's code as it progresses. It’s about code verification and it gives immediate feedback, allows compliance and it can be integrated in a DevSecOps process. Complement with pentesting for investigating vulnerabilities in the system.
Why test the mobile app binary ?
Most mobile application security testing tools on the market today focus on code verification, however, it is simply not enough. From a risk management perspective, it is important to assume the worst once the application is released, considering that it will be accessible to anyone with no way of controlling the device on which the app will be executed.
esChecker performs mobile application security testing at the binary level, where all the resources of the app are compiled and packaged, including 3rd parties SDK which source code review doesn’t take into consideration.
Why use a DAST?
Dynamic Application Security Testing DAST tests the application as it is being executed. This becomes mandatory to check mobile apps behaviour on real conditions. This is particularly valuable when SAST is limited due to a specific code framework (Flutter, React, Xamarin) or a code obfuscation.
We chose to turn our DAST into a Mobile Application Security Testing IAST. Our unique mobile IAST feature records and replays the app execution which allows it to go a step further in the dynamic security testing. Testing is carried out on a chosen sequence: the user journey.
Before launching your test campaign, our MAST tool lets you record a custom testing sequence to target critical user journeys. That way, you get an assessment of the security protections where they matter, thus reducing the risk of false positives.
Replay the test evidence as many times as necessary and see for yourself how the app behaved in different attack scenarios. In the blink of an eye, monitor your application's progression, identify its weak spots and get guidance through improving your app regarding resilience to hacking.
Don’t say it, prove it
To help organizations efficiently develop and secure their mobile apps, the OWASP has provided highly valuable resources. Of these, OWASP MASVS (Mobile Application Security Verification Standard) should be your reference when setting a Mobile App Security Policy.
Once you’ve set your security policy, esChecker is an OWASP tool generating a testing report and checking the compliance with the OWASP MASVS, helping you identify where your application needs more work to be properly protected. Additionally, you can understand the strength of your application in terms of Application Reverse Engineering Protection, Application Misconfiguration, and Application Vulnerabilities.
How to implement DevSecOps?
As you and your team work, your code evolves. To ensure security quality, you need to continuously test every new build and avoid protection regressions.
However, we understand that you're faced with aggressive time-to-market and multiple app releases. That is why to meet these demands, you must adopt an agile process and automate.
To implement a virtuous cycle of security quality without hindering your development cycle, transform your DevOps into DevSecOps with continuous integration. To help automate security testing during the SDLC, esChecker supports popular CI/CD frameworks such as Bitrise, Jenkins, CircleCI, Gitlab, and Github.
Recognized by Gartner©
In July 2022, Gartner released its yearly Hype Cycles™ which “provide a graphic representation of the maturity and adoption of technologies and applications, and how they are potentially relevant to solving real business problems and exploiting new opportunities”.
In its recent report "Hype Cycle for Application Security", Gartner lists esChecker as a solution for Mobile Application Security Testing.
With esChecker MAST, security testing is fast and easy.
No source code needed. Test your Android or iOS binary in less than an hour and get immediate feedback.
Test you app in real conditions
Go beyond basic checks
Extend the code coverage
Tune your test campaign
Get a test evidence
IAST, DAST
Fields of application
Integrate Security QA early in your Development Process. Don’t wait until your application is live to make the relevant security checks.
Take control of the risk management by enforcing a security policy for all mobile app development.
Explore the good practices in a given market and the related technological trends in mobile app security.
Leverage a MAST tool to request a demonstration of compliance within your ecosystem.
Gartner Peer Insight Reviews
"[...] Using their tool esChecker at each step of your app development helps you make a 360 review of the security of your app in a few minutes. Just need to adjust your evaluation criteria on a self-made basis, creating scenarios as required, depending on your context or your security objectives, and you're ready to run the tool.
No doubt: a powerful tool for customers, and an amazing help for developpers!"
"eShard MAST turned out to be a nice complement to our mobile offering.
Our customers were enthusiastic about the technology and how much they learnt about mobile app security by using eShard's tool.
The DAST is particularly above any other solution, as far as we know. And it seems that more is about to come"
"I've been in contact with eShard for almost a year and I have been really impressed with their solution.
It is simple to use but the technology behind the scene is brillant and efficient. Moreover, since the beginning of our conversation, the solution has evolved quickly and I'm sure they will be able to help more companies to evaluate their app against the different issue a mobile app can face."
"We were impressed by the state-of-the-art technologies and techniques that eShard's consultants used when conducting penetration testing on our products.
[...] Within esChecker, the eShard team has included their years of experience in mobile application vulnerability testing in an automated testing package that is easy to use and provides detailed vulnerability information."
