mobile security

Red Mountain Cyberdefense

Is your mobile app secure?  In the rush to market, did your mobile app open a new attack vector?  Does your app prevent malware from tapping in on interprocess communications that may expose credentials, personally identifiable information, personal medical info or credit card transactions?  Can your app be reverse engineered?  Is your intellectual property vulnerable to theft?

With six plus years of mobile development experience, we can provide mobile security that just doesn’t show you the holes but also shows you how to close them.

Services

  • mobile security on iOS, Android, Blackberry and Windows Mobile platforms
  • mobile penetration testing
  • binary code analysis
  • static application security testing / dynamic application security testing
  • data forensics – data at rest / data in transit
  • wifi penetration testing and analysis
  • secure code reviews
  • mdm/byod

Solutions

  • secure app architecture
  • secure coding – best practices to protect your app from cyber attacks
  • secure SDLC
  • military-grade code hardening – protect your app from ip theft and malware injection

 

Solution Description

Mobile solution includes security in depth that leverages Federal Agency best practices for layered data and network protection. Capabilities range from device management to advanced code level countermeasures.

  • Layered Solution – no single failure points
  • BYOD policy and device management solution
  • Mobile Embedded Chip Security, NFC/UICC, Trusted Execution Environment
  • Advanced Authentication including biometrics, multi-factor
  • Advanced mobile application countermeasures for code integrity, anti-tamper, IP protection, license, code injection (malware), DRM theft protection, data at rest, data in transit, container (Webkit, Native)
  • PEN testing / Compliance / Secure SDLC / Automated Code Review, Remote status and control
  • Real time status and control of countermeasure events integrated in HP ArcSight/SOC

 

Target Audience

Any national, multi-national or global that has a mobile application or device strategy that requires managing risk neutral technology to achieve fiduciary responsibilities. This can include:

  • Seek to protect company confidential information on employee-owned devices
  • Seek to protect corporate infrastructure from mobile device malware, viruses, etc.
  • Financial institutions providing customer mobile apps
  • Mobile apps handling credit card transactions
  • App developers/3rd party frameworks that provide:
  • High value intellectual property
  • Licensed/Paid Apps, In-app purchases
  • Game Apps, Subscription-based
  • Media content delivery (DRM)
  • Industrial/Energy/SCADA/ICS
  • Retail POS terminal and card reader