Attackers take advantage of the frailty of mobile applications to steal information and damage the reputation of businesses. WhiteHat Sentinel Mobile, the industry’s leading mobile testing solution, identifies mobile application flaws for remediation for some of the largest companies in the world.
Unlike traditional mobile application testing, WhiteHat Security takes a holistic approach to testing by embracing the complexity of the application architecture. WhiteHat provides offerings that are easily integrated across the mobile security spectrum to meet the requirements of your specific business needs, at the client, network, and server layers.
Mobile Service Offerings
Production Mobile Website Testing
Sentinel Mobile emulates various mobile browsers for Android and iOS and tests associated applications without any service or performance disruptions. Customers simply need to provide WhiteHat with the URL of the mobile site and we present the results in the same fashion as the other sites we assess.
Mobile Source Code Testing
WhiteHat deploys an on-premises appliance to run static testing locally. Through Sentinel Mobile, you can point the appliance to the repository where the Android application is held and set up a schedule for testing. When a scan is triggered, the appliance will take the mobile code and simulate a runtime experience by organizing it into an Abstract Syntax Tree. This allows us to track the “source” in any place that a user would be able to supply input, all the way to the “sink” – the place where the security control should exist. Delivery of the source code is made to WhiteHat SFTP server where our engineers will be able to access it. Once the assessment is complete, results are presented in a detailed report for your consumption.
Mobile API testing
Many mobile-based applications use web-based APIs to communicate with back end servers, to save information and r educe the load on the device or client. WhiteHat understands the complexity of assessing AP Is and we support static source code analysis for .NET and Java APIs. Using a robust technology to do analysis of the source tree, Sentinel Mobile’s static code analysis capabilities can find the most dangerous security flaws in mobile web applications before they are deployed. All static code analysis reports end up in the Sentinel interface, and are individually verified to ensure there are no false positives, ensuring that your team receives only actionable results for remediation.