Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

9/12/2018
04:55 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Appdome Releases Two New Mobile App Security Protections

New industry-first capabilities protection mobile communications & the underlying mobile app

Redwood City, Calif – Sept. 12, 2018 – Appdome, the mobile industry's first no-code, cloud platform for mobile app integration, today announced new advanced security features within its Mobile App Security Feature Set to protect mobile communications and mobile applications from hackers and malicious activity.

Both features are industry firsts – providing new levels of security for Android and iOS apps not found elsewhere in the market. Further, new and existing mobile app security features can be implemented without access to source code, directly to the application binary in seconds, regardless of the development environment used to build the app.

"Mobile threats are increasing in frequency and sophistication, said Avi Yehuda, co-founder and CTO of Appdome. "App makers and mobile developers are demanding two critical things from the industry – more advanced protections to secure mobile communications and shield mobile applications at every level, and faster, more consistent ways of adding these protections."

The first of the new security features adds to Appdome's industry-leading TOTALCode™ Obfuscation solution. The new feature targets at Non-Native applications built in React Native, Cordova or Xamarin. These environments embed the business logic of apps outside of where a traditional iOS or Android application's code resides (i.e. storing business logic of apps in JavaScript and DLL files outside the app's main binary).

With this release, and without writing any code or touching source code at all, Appdome's TOTALCode Obfuscation can now obfuscate and protect the "extra" files deep inside non-native applications, thwarting any malicious agent that wants to extract or reverse-engineer these files. Appdome users can put these new features to use by selecting "File Obfuscation" within TOTALCode; feature set available on Appdome. With this release, Native and Non-Native applications share the same range of mobile app shielding options, including anti-reversing, anti-tampering, anti-debugging, encryption for strings and preferences and more. All app shielding features can be added without any performance tradeoffs or work typically associated with other solutions.

The second of the new security features is called Trusted Session Inspection. Trusted Session Inspection is an advanced Man-in-the-Middle protection model for Android and iOS apps that verifies the SSL connection on the go. The key element of Trusted Session Inspection is the ability to keep track of the SSL session and validate the CA authenticity as it is being sent. Trusted Session Inspection is stateful and has no performance impact on the app. It allows for malicious proxy detection regardless if the proxy is internal or external to the mobile device. It can also prevent an app from resuming unauthorized SSL sessions it did not initiate. With Trusted Session Inspection, Android and iOS apps are protected against all types of attacks, such as malicious proxy, ARP spoofing or any other session hijacking techniques.

Both new features are available now on Appdome. To add these new security features to an Android or iOS app, app makers and mobile developers simply sign in to Appdome's self-service, no-code platform, upload an .ipa (for iOS apps) or .apk (for android Apps), select the desired protections, and click "Fuse My App." In seconds, the new protections are added to each app and the newly secured apps are ready for deployment.

"Better security with less work for all mobile apps has been our motto from the start," Tom Tovar, CEO of Appdome said. "These features extend our leadership in making mobile app security a reality from first use across all Android and iOS apps."

About Appdome

Appdome is a productivity platform for mobile integration, providing the rapid integration of multiple third-party functions to apps, shortening the deployment cycle and connecting mobile apps to other services on demand. The codeless service operates as a mobile integration workflow in the cloud and allows users to perform integration projects on the final application package. No source code or development expertise is required. Likewise, no modifications to an app or an SDK are required to complete integration projects on the platform. The solution is currently used by the world's leading financial, healthcare and e-commerce companies to support productivity, compliance and security for consumers and employees. Appdome was rated a "Cool Vendor" in Mobile Security by Gartner in 2015. The company is based in Silicon Valley, United States and Tel Aviv, Israel. For more information, visit www.appdome.com.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9079
PUBLISHED: 2020-08-11
FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulnerability. The product incorrectly uses a protection mechanism. An attacker has to find a way to exploit the vulnerability to conduct directed attacks against the affected product.
CVE-2020-16275
PUBLISHED: 2020-08-10
A cross-site scripting (XSS) vulnerability in the Credential Manager component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link.
CVE-2020-16276
PUBLISHED: 2020-08-10
An SQL injection vulnerability in the Assets component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database.
CVE-2020-16277
PUBLISHED: 2020-08-10
An SQL injection vulnerability in the Analytics component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database.
CVE-2020-16278
PUBLISHED: 2020-08-10
A cross-site scripting (XSS) vulnerability in the Permissions component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link.