Application Security

9/12/2018
04:55 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Appdome Releases Two New Mobile App Security Protections

New industry-first capabilities protection mobile communications & the underlying mobile app

Redwood City, Calif – Sept. 12, 2018 – Appdome, the mobile industry's first no-code, cloud platform for mobile app integration, today announced new advanced security features within its Mobile App Security Feature Set to protect mobile communications and mobile applications from hackers and malicious activity.

Both features are industry firsts – providing new levels of security for Android and iOS apps not found elsewhere in the market. Further, new and existing mobile app security features can be implemented without access to source code, directly to the application binary in seconds, regardless of the development environment used to build the app.

"Mobile threats are increasing in frequency and sophistication, said Avi Yehuda, co-founder and CTO of Appdome. "App makers and mobile developers are demanding two critical things from the industry – more advanced protections to secure mobile communications and shield mobile applications at every level, and faster, more consistent ways of adding these protections."

The first of the new security features adds to Appdome's industry-leading TOTALCode™ Obfuscation solution. The new feature targets at Non-Native applications built in React Native, Cordova or Xamarin. These environments embed the business logic of apps outside of where a traditional iOS or Android application's code resides (i.e. storing business logic of apps in JavaScript and DLL files outside the app's main binary).

With this release, and without writing any code or touching source code at all, Appdome's TOTALCode Obfuscation can now obfuscate and protect the "extra" files deep inside non-native applications, thwarting any malicious agent that wants to extract or reverse-engineer these files. Appdome users can put these new features to use by selecting "File Obfuscation" within TOTALCode; feature set available on Appdome. With this release, Native and Non-Native applications share the same range of mobile app shielding options, including anti-reversing, anti-tampering, anti-debugging, encryption for strings and preferences and more. All app shielding features can be added without any performance tradeoffs or work typically associated with other solutions.

The second of the new security features is called Trusted Session Inspection. Trusted Session Inspection is an advanced Man-in-the-Middle protection model for Android and iOS apps that verifies the SSL connection on the go. The key element of Trusted Session Inspection is the ability to keep track of the SSL session and validate the CA authenticity as it is being sent. Trusted Session Inspection is stateful and has no performance impact on the app. It allows for malicious proxy detection regardless if the proxy is internal or external to the mobile device. It can also prevent an app from resuming unauthorized SSL sessions it did not initiate. With Trusted Session Inspection, Android and iOS apps are protected against all types of attacks, such as malicious proxy, ARP spoofing or any other session hijacking techniques.

Both new features are available now on Appdome. To add these new security features to an Android or iOS app, app makers and mobile developers simply sign in to Appdome's self-service, no-code platform, upload an .ipa (for iOS apps) or .apk (for android Apps), select the desired protections, and click "Fuse My App." In seconds, the new protections are added to each app and the newly secured apps are ready for deployment.

"Better security with less work for all mobile apps has been our motto from the start," Tom Tovar, CEO of Appdome said. "These features extend our leadership in making mobile app security a reality from first use across all Android and iOS apps."

About Appdome

Appdome is a productivity platform for mobile integration, providing the rapid integration of multiple third-party functions to apps, shortening the deployment cycle and connecting mobile apps to other services on demand. The codeless service operates as a mobile integration workflow in the cloud and allows users to perform integration projects on the final application package. No source code or development expertise is required. Likewise, no modifications to an app or an SDK are required to complete integration projects on the platform. The solution is currently used by the world's leading financial, healthcare and e-commerce companies to support productivity, compliance and security for consumers and employees. Appdome was rated a "Cool Vendor" in Mobile Security by Gartner in 2015. The company is based in Silicon Valley, United States and Tel Aviv, Israel. For more information, visit www.appdome.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: In Russia, application hangs YOU!
Current Issue
Flash Poll
How Data Breaches Affect the Enterprise
How Data Breaches Affect the Enterprise
This report, offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-16958
PUBLISHED: 2018-09-18
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NET_SessionID primary session cookie, when Internet Information Services (IIS) with ASP.NET is used, is not protected with the HttpOnly attribute. The attribute cannot be enabled by customers. Consequently, this cookie is...
CVE-2018-16959
PUBLISHED: 2018-09-18
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The portal component is delivered with an insecure default User Profile community configuration that allows anonymous users to retrieve the account names of all portal users via /portal/server.pt/user/user/ requests. When WCI is ...
CVE-2018-16952
PUBLISHED: 2018-09-18
The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. The impact is sensitive actions in the portal (such as changing a portal user's password).
CVE-2018-16953
PUBLISHED: 2018-09-18
The AjaxView::DisplayResponse() function of the portalpages.dll assembly in Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). User input from the name parameter is unsafely reflected in the server response.
CVE-2018-16954
PUBLISHED: 2018-09-18
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The login function of the portal is vulnerable to insecure redirection (also called an open redirect). The in_hi_redirect parameter is not validated by the application after a successful login.