Edgescan Key Feature
As organizations increasingly provide mobile applications to enable their remote workforce and boost productivity, their security teams must ensure the safety and integrity of these mobile devices, apps and data. With the rapid and expanding use of mobile apps in the workforce, comes an extended attack surface for cybercriminals to potentially access.
Mobile risk assessments discover and examine all assets within your mobile devices and applications to expose vulnerabilities and threats that may jeopardize data security or performance.
Edgescan Mobile expands its industry leading vulnerability assessment and penetrating testing capabilities into mobile environments, providing complete testing coverage for iOS and Android. Using our unique hybrid approach provides automated vulnerability intelligence coupled with validation and human expertise, we test all relevant mobile components and provide the results in the Edgescan platform with an intuitive ‘single pane of glass’ view.
How the Process Works
- Edgescan starts with ingesting the API components used by mobile devices and applications into its platform.
- Then our vulnerability scanning engine builds a precise profile of each application and runs an assessment of it and at the host-server layer.
- After the initial scan is completed, a manual penetration test is performed against the API/App, to test for business logic vulnerabilities and vulnerabilities that legacy scanners cannot find.
- Edgescan then downloads a build of the native mobile application onto our test devices and begins deep testing and device forensics.
- All results are provided to the Edgescan platform allowing for unlimited retesting and reporting, while ensuring data is safely stored, transmitted, and secured in your mobile environment.
Features and Benefits:
– Only real, prioritized and actionable results are delivered eliminating the false positive ‘noise’ – reducing costs and saving time.
– Risk-rated results with prioritized remediation. Employs several risk scoring systems (i.e., CVSS, CISA KEV, EPSS) and our own Validated Security Score to risk-rate results.
– Access to CREST certified security analysts that will test and expedite the effective implementation of your cloud, network and mobile security strategy.
– Meet compliance – Edgescan is a certified PCI ASV and delivers testing covering the OWASP Top 10, WASC threat classification, CWE/SANS Top 25.
Edgescan Mobile Assessment is a subscription-based service and includes the following capabilities:
Vulnerability Assessment + Pentesting + Device Forensics