Data Theorem
Data Theorem
Automatic and continuous vulnerability assessment of mobile applications
~Achieving a faster DevSecOps cycle while addressing new vulnerabilities in SDKs, OSS, etc.~
Mobile Application Market Expansion and Security Issues
- In addition to the consumer game market, the mobile application market is expanding year by year due to digital transformation, Fintech, 5G and IoT-related business applications and healthcare applications. , the frequency of releases is increasing
- According to the Information-technology Information-technology Promotion Agency, in the fourth quarter (October to December) of 2019, mobile applications ranked first in the number of vulnerability reports by software product.
Security issues: "Delivery time, cost, compliance, expertise, etc..."
- Even after a new release, the service was stopped due to a security flaw.
- Even if they want to focus on security measures, they leave it to them, so they do not know the dangers of their own apps
- Manual pentesting is costly and overwhelmed with release priority
- Not being able to check every time the operation of the subcontractor at the time of application development
- Only pre-release vulnerability diagnosis is performed, and even if a vulnerability is discovered in the OSS or SDK used after release, it is not possible to respond immediately
- It does not meet the security requirements, and it is difficult to pass the review of the Google Play Store and Apple Store
Solutions provided by Data Theorem
Data Theorem provides a SaaS security diagnosis service platform for your mobile applications. It automatically downloads apps published on the Google Play Store and App Store each time they are released, conducts daily diagnostics, and responds to the latest security threats. In addition, pre-release private apps can also be incorporated into your CI/CD tools for diagnosis.
You can check the report at the time of diagnosis on the web. Confirmed issues are prioritized according to their impact. It also has a mechanism to link only the necessary parts to only the necessary users. Therefore, even if developers and security personnel span multiple departments or companies, it is possible to have common guidelines and turn the DevSecOps cycle for better application development.
- Automatically and continuously diagnose mobile application vulnerabilities for a flat fee
- Visualize APIs used by mobile applications
- Alerts for use of vulnerable APIs
- Detecting and notifying personal information, etc. included in API requests/responses
- Analyze Single Page Web Applications (SPAs)
*React, GraphQL, Angular, Vue, etc. - Diagnose embedded APIs and underlying cloud resources
Data Theorem Overview
main office | US (Palo Alto) |
---|---|
Established | 2013 |
management team |
|
Installation record |
|
Implementing company | facebook, ebay, GAP, Netflix, Verizon, GoldmanSachs, salesforce, etc. |
Product category | Mobile Application Security Diagnosis Service |
Form of provision | Cloud service |
pricing model | Annual payment according to the number of apps to be diagnosed (1 year contract) |