fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Facebook Open-sources Tool To Find Android App Security Flaws

Facebook Open-sources Tool To Find Android App Security Flaws

Facebook today open-sourced a static analysis tool its software and security engineers use internally to find potentially dangerous security and privacy flaws in the company’s Android and Java applications.

This security-focused tool, dubbed Mariana Trench (MT), can analyze large codebases of tens of millions of lines of code to spot vulnerabilities before they’re introduced in the codebase.

Facebook revealed that its engineers found more than 50% of all security bugs across the company’s apps using automated tools similar to Mariana Trench.

Also Read: Vulnerability Management For Cybersecurity Dummies

How it works 

Mariana Trench works by analyzing the information flow from “sources” (user sensitive data such as passwords or locations) to “sinks” (functions or methods using data originating from sources).

Mariana Trench is specifically designed to automatically discover such issues, which, in most cases, could lead to severe privacy and security bugs.

“By default Mariana Trench analyzes dalvik bytecode and can work with or without access to the source code,” Facebook explains on the tool’s documentation website.

“A flow from sources to sinks indicate that for example user passwords may get logged into a file, which is not desirable and is called as an ‘issue’ under the context of Mariana Trench,” Facebook Software Engineer Dominik Gabi said.

Also Read: Compliance With Singapore Privacy Obligations; Made Easier!

Developers and engineers can use the tool to focus on specific security and privacy issues by adjusting and training it by adding new rules and model generators so that it homes in on the areas sensitive data shouldn’t end up. 

Third code analysis tool open-sourced since 2019

The company previously released two other static code analysis tools designed to detect and prevent security issues for Python code (Pysa) and Hack code (Zoncolan).

You can find the Mariana Trench code analysis tool on GitHub and its own dedicated website, a binary distribution on PyPI, and a short tutorial to help get started.

‘We built MT to focus particularly on Android applications. There are differences in patching and ensuring the adoption of code updates between mobile and web applications, so they require different approaches,” Gabi added.

“While server-side code can be updated almost instantaneously for web apps, mitigating a security bug in an Android application relies on each user updating the application on the device they own in a timely way.

“This makes it that much more important for any app developer to put systems in place to help prevent vulnerabilities from making it into mobile releases, whenever possible.”

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us