I plan to write a related post soon on my mobile app security assessments. In the meantime, I wanted to share a tool with you that plays a key role in mobile app security: Checkmarx CxDeveloper (or perhaps more appropriately called CxSuite).
If you’re a developer, QA professional, security manager, or IT generalist, this is a good tool to have for all of those gotta-have-now apps that everyone is throwing together and getting into the app stores.
I’ve used CxDeveloper to find flaws in iOS and Android-based apps that may not be discovered via traditional testing such as:
…all things that I’m not smart enough to find on my own. Nor do I have the time.
For a few years now, I’ve dealt with the folks at Checkmarx and everyone from their CTO to their Director of Marketing – and a few others in between – has been super nice and responsive to my sometimes ridiculous requests.
Here’s a guest blog post I’ve written for them:
Three compelling reasons to check your mobile app source code
And a webinar as well:
The Business Value of Partial Code Scanning
I also cover CxDeveloper in my Mobile Security chapter in the latest edition of my book Hacking For Dummies.
CxDeveloper isn’t without its flaws. Its installation process and interface can be cumbersome, but nothing that can’t be overcome. It’s certainly a worthy alternative to the big-box competitors…check it out if you want to find out the rest of the story with your mobile apps.