Avast App Triage Program Hunts for Bugs, Secures Your Apps for Free
Amid high enterprise demand for mobile apps, Avast's App Triage Program provides a free security assessment on both the front-end and back-end of mobile apps, ensuring vulnerabilities are caught and corrected
REDWOOD CITY, Calif., Nov. 15, 2016 /PRNewswire/ -- Avast Mobile Enterprise, a division of Avast Software, maker of the world's most trusted mobile security software, today launched the Avast App Triage Program, a free service that will help enterprise security teams and mobile app developers locate and diagnose exposures and vulnerabilities within their apps. Utilizing Avast Mobile Enterprise's deep expertise in security-testing, the program will locate exposures on both the front-end and back-end of in-house custom Android mobile apps and third-party apps in Google Play.
Due to their extensive use within enterprises, mobile apps have become an attractive target to cybercriminals. Developers generally design enterprise mobile apps with usability in mind, and security as an afterthought. Although helpful for the user, the focus on usability increases the potential for flaws and vulnerabilities within the apps that can be actively exploited. Additionally, the ongoing discovery of security flaws in the two most popular mobile operating systems, such as QuadRooter in Android and Trident in Apple's iOS, demonstrates larger-scale security weaknesses in the mobile app environment.
The Avast App Triage Program stems from the Avast team's deep expertise in security-testing hardware and software, and its current focus on secure mobile app deployment. The program aims to provide companies with valuable vulnerability information by conducting a full security audit of mobile apps. Once an audit is complete, the program delivers a report outlining known security flaws and vulnerabilities, the severity of the flaws, and how to best protect them from being exploited. The identified flaws correlate with those outlined by the OWASP Mobile Security Project, which include lack of account lockout, vulnerability to reverse engineering attack, authentication bypass, hardcoded passwords and other sensitive information, as well as insecure storage and insecure configurations.
"Each mobile app is unique and different in any environment, and becomes more diverse or complex as it is adapted to specific organizational needs," said Sinan Eren, general manager, Avast Mobile Enterprise, and vice president, Avast Software. "Even third-party apps are often tweaked during enterprise implementation. To combat these changes and mitigate the vulnerabilities, we developed the Avast App Triage Program — to help organizations better protect their brands and bottom lines from exploits."
Avast Mobile Enterprise security researchers will look for a wide range of Android mobile app coding and configuration flaws including:
Security of SSL/TLS Deployment — Identifies issues in SSL/TLS including man-in-the-middle detection, certificate pinning, transport layer security extensions and configuration options, certificate authority root validation, and incorrect use of embedded certificates and private keys.
Insecure storage of sensitive information — Assesses the handling of stored personal and private information by apps and APIs connecting apps to back-end servers.
Insecure uses of cryptography — Evaluates the security of the deployment and underlying cryptographic algorithms in mobile apps in-transit and at-rest.
Insecure Server API Authorization/Authentication mechanisms and credential storage — Identifies flawed, non-existent or weak authentication methods that expose sensitive user information.
Server API Web-related vulnerabilities — Identifies common web app vulnerabilities present in back-end/cloud services connected to the mobile app including SQL injection, cross-site scripting and cross-site request forgery.
About Avast Mobile Enterprise
Avast Mobile Enterprise, a division of Avast Software, is an innovator in mobile virtualization, delivering secure access to enterprise mobile applications from any device. Avast Virtual Mobile Platform (VMP) eliminates risks typically associated with BYOD by streaming apps from corporate data centers. No data ever resides on the device. Avast VMP ensures ultimate protection for corporate data and ultimate user privacy.
About Avast
Avast Software (www.avast.com), maker of the most trusted mobile and PC security in the world, protects more than 230 million people and businesses with its security applications. In business for more than 25 years, Avast is one of the pioneers in the computer security business, with a portfolio that includes free antivirus for PC, Mac, and Android, to premium suites and services for both consumers and business. In addition to being top-ranked by consumers on popular download portals worldwide, AVAST is certified by, among others, VB100, AV-Comparatives, AV-Test, OPSWAT, ICSA Labs, and West Coast Labs.