Shift security left in the SDLC to save development costs and avoid releasing app code – especially 3rd party code libraries – that can be exploited
Zero Trust Architecture (ZTA) requires visibility into all assets – and the ability to test apps extensively for zero-day vulnerabilities and threats.
“Quokka’s step-by-step approach has notably improved how we handle mobile application vulnerabilities. It’s made managing security assessments across our mobile app ecosystem much smoother and more effective and brought consistency to our security standards. Quokka stands out as a collaborative partner, providing proactive support that truly enhances our experience.”
Security Leader, Fortune 100 CPG Company
Comprehensive static (SAST), dynamic (DAST), interactive (IAST) and forced-path execution app analysis
Automated scanning in minutes, no source code needed, even for latest OS versions
Analysis of compiled app binary, regardless of in-app or run-time obfuscations
Malicious behavior profiling, including app collusion
Checks against privacy & security standards: NIAP, NIST, MASVS
Precise SBOM generation and analysis for vulnerability reporting to specific library version, including embedded libraries
Cloud-based platform to avoid drag on hardware or bandwidth
Fewer false negatives with fewer false positives
Quokka (then Kryptowire) contributed automated analysis using proprietary mobile app vetting infrastructure
Benefits of mobile security that make you smile
Know your app security intelligence solution delivers the industry’s most comprehensive insights, even for the latest OS versions, in minutes
Make risk-based business decisions throughout the SDLC to balance speed of app deployment with security measures
Scan 100% of compiled app binary – including 3rd party code libraries – to prevent supply chain attacks that harm your brand
Mobile security has historically been underfunded – Quokka can cost-effectively reduce mobile risks.
Get visibility into all mobile apps and enable DevSecOps practices in order to protect your organization from mobile zero-day attacks
~50% of organizations experience mobile compromises[1]
Ship high-quality, secure apps faster to keep up with the pace and complexity of development while protecting your organization from fraud and breaches
Run automated tests 90% faster than manual testing[3]
Rely on the industry’s only proprietary, defense-grade app scanning engines that uncover more security, privacy, and malicious behavior findings than any other app testing tool
External code fetches, website visits, network traffic
Hard-coded keys, weak hashes, insecure web-views, permission usage analysis
RASP & TLS friendly dynamic analysis
Covers crypto best practices, dynamic code, inter-component and inter-app communication, tapjacking, PII leaks, input validation, tracking, webview weaknesses, and many more.
Code/Data Sharing Detection (App Collusion)
In-app purchase vulnerability, unprotected permission exploit
Exploitable inter-app communication vulnerabilities:
Advanced SBOM:
Malicious code that runs only after app runs for a long time
Remote Command & Control to give access to app, device or files
Read sensitive PII data like device location and send it over the network
Defense in depth to identify with high confidence exploitable security vulnerabilities, privacy risks, and malicious behavior