Are Your Mobile Apps Secure?
Fast, Affordable, on-Demand Mobile Application Security Testing


Mobile apps collect a lot of (unnecessary) personal data. In a study conducted by HPE, 96.52 percent of mobile applications were flagged in at least one of the 10 core privacy checks.

*Source - Mobile Application Security Report 2016, Hewlett Packard Enterprise, April 2016

Now, A Solution to the Mobile Application Security Problem 

The rapid adoption of mobile devices and the explosion of mobile apps have created a significant security challenge for organizations. Already stretched IT security teams are now responsible for mobile app security but often don’t have the resources and skills to thoroughly assess and score the risk in the rapid mobile deployment model. In addition, mobile apps are an easy target for hackers, putting your customers' private data at risk.

HPE Security Fortify on Demand helps you meet the mobile challenge with a comprehensive mobile application security solution and the added benefit of being delivered as a managed service—relieving IT of the burden to do it all in-house.

Secure Mobile Development

Use our Basic assessments during the build process to analyze code, find vulnerabilities, and mitigate risk. Powerful remediation guidance is offered via detailed vuln data, line-of-code details, and corrective advice.


End to End Analysis

For Standard and Premium level assessments, we look at the entire technology stack: client, network, and server.  Vulnerabilities found in one component (the client, for example) can be used while testing the server, to paint the truest picture of mobile application risk.


Reputation Management

A fully integrated mobile app reputation dashboard and database allow enterprises to develop and implement smarter BYOD policies. This service is free to all Fortify customers.


Are you a Fortify customer? Request access to the Fortify on Demand portal and reputation database. Not currently a customer? Contact us for a preview of your app's posture or a full privacy and security report.

Long story short, it’s exponentially less expensive to build security into the development process than adding it to mobile applications already in production.
HPE Mobile Research Study
Benefits: End-to-end Mobile Application Security Testing by a Proven Leader

HP Fortify on Demand Mobile uses a three-tier testing methodology to ensure that your mobile applications are secure. Fortify on Demand brings scale, security testing expertise, and Gartner MQ leading software security technology to you – through the cloud – giving you a complete mobile application security solution that can be managed by you, accessed by development partners and integrated with other HP Fortify Software Security solutions.

Build More Secure Apps

Identifies mobile application security vulnerabilities by leveraging market-leading application security testing technologies and expert security research backed by HPE.

Fast

Finds, verifies and prioritizes security vulnerabilities in all three layers and delivers actionable results faster than anyone else in the biz. Deliver your apps on time, every time.

No Security Team Needed

Scales an organization’s security efforts by immediately giving them a global 24x7 testing team to review and validate all scans and a dedicated Technical Account Manager to drive the program.

Smarter BYOD Policies

Develop and enforce a BYOD policy with Fortify’s Mobile Reputation database, which allows integration with existing Mobile Device Management (MDM) and Mobile Application Management (MAM) solutions.

Mobile Application Security Testing

Fortify on Demand mobile ensures a safer, faster go-to-market strategy for mobile application security at all points: development, procurement, and launch.

The earlier vulnerabilities are identified, the less costly they are to remediate.  Empower your developers to catch vulnerabilities early in the lifecycle with regular static code analysis using our Basic assessment subscriptions with line-of-code remediation advice.

Most penetration testers know the headaches of testing mobile applications. Before each release, simply upload the binary of your desired application and our expert team will conduct a thorough audit of your application utilizing the OWASP Top 10 (for Standard and Premium assessments) and remove false positives. Detailed and correlated results are then posted to your secure Fortify on Demand tenant dashboard and downloadable report.

For apps procured through a third party, we can work with your vendor to ensure the apps you receive are secure.

| Mobile assessments | Basic | Standard | Premium |
|---|---|---|---|
| Application risk | Low/Medium | Low/Medium | High |
| Platforms | iOS, Android, Windows®, Blackberry | iOS, Android | iOS, Android, Windows®, Blackberry |
| Client: automated binary | No | Yes | Yes |
| Client: manual binary | No | OWASP top 10 | All categories |
| Client: source code | Yes | No | Yes |
| Network | No | OWASP top 10 | All categories |
| Server: Web services (dynamic) | No | OWASP top 10 | All categories |
| Server: Web services (source code) | No | No | Yes |
| False positive removal | Yes | Yes | Yes |
| Target turnaround | 1-2 days | 1-2 days | 5-7 days |

Introducing ShadowOS

ShadowOS is a free tool to help Security and QA teams test Android applications for security vulnerabilities. It is a custom OS based on KitKat that intercepts specific areas of the device’s operation to make testing apps easier. ShadowOS can monitor HTTP/HTTPS traffic, SQLite queries and file access.

Manage Mobile Application Risk

The introduction and use of third-party applications can compromise the security of the enterprise infrastructure. Even mobile applications developed in house have the potential to leak sensitive employee information and company data. By offering an easy way to analyze mobile apps and inform MDM / MAM policies, Fortify gives companies more control over potential threats to their proprietary information.

Key Features:

  • Free reputation testing and behavioral analysis with over 18 check categories
  • Dedicated reputation dashboard and database

Reputation Testing and Database

The Fortify service includes free privacy checks for iOS and Android applications, either company owned or those applications deployed from the App Store. If an app isn’t in our database, the request process is easy – just provide the app information or upload a binary. Star ratings make it simple to create smarter whitelists or blacklists depending on your BYOD policy.

Behavioral Analysis

Fortify’s Behavioral Analysis engine is the most complete offering of its type in the industry. The test looks for malicious behaviors and privacy leaks. Example check categories include: use of insecure libraries, accessing or writing private data to insecure logs and directories, and reputation analysis on all traffic endpoints.
