• Mobile app security testing – are you checking for all the flaws?

    12 Feb 2013

    I plan to write a related post soon on my mobile app security assessments. In the meantime, I wanted to share a tool with you that plays a key role in mobile app security: Checkmarx CxDeveloper (or perhaps more appropriately called CxSuite).

    If you’re a developer, QA professional, security manager, or IT generalist, this is a good tool to have for all of those gotta-have-now apps that everyone is throwing together getting in the app stores.

    I’ve used CxDeveloper to find flaws in iOS and Android-based apps that may not be discovered via traditional testing such as:

    • Code injection
    • Session fixation
    • Path traversal
    • Weak passwords
    • Hard-coded cryptographic keys

    …all things that I’m not smart enough to find on my own. Nor do I have the time.

    For a few years now, I’ve dealt with the folks at Checkmarx and everyone from their CTO to their Director of Marketing – and a few others in between – has been super nice and responsive to my sometimes ridiculous requests.

    Here’s a guest blog post I’ve written for them:
    Three compelling reasons to check your mobile app source code

    And a webinar as well:
    The Business Value of Partial Code Scanning

    I also cover CxDeveloper in my Mobile Security chapter in the latest edition of my book Hacking For Dummies.

    CxDeveloper isn’t without its flaws. It’s installation process and interface can be cumbersome but nothing that can’t be overcome. It’s certainly a worthy alternative to the big-box competitors…check it out if you want to find out the rest of the story with your mobile apps.

Resources

view all

Client Testimonials

“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability /penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.

His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”

(IT managed services firm)
Read More

 

I’ve written/co-written 12 books on information security including:

 

Tags

application security appsec basics books careers censorship CISO CISSP cities compliance coronavirus covid-19 cybersecurity data breaches hacking Hacking For Dummies heads in sand health incident response information risk keynote speaker leadership macOS networked cameras passwords patching racing resilience Russian hacking SDLC security culture security leadership security program management security speaker selling security social engineering speaking engagements spec miata sql injection tiktok time management training vulnerability and penetration testing web security

© Copyright 2001-present, Principle Logic, LLC - All Rights Reserved.

For your convenience I accept