MCAFEE MOBILE APPLICATION ASSESSMENT SERVICE
DATA SHEET
McAfee Mobile Application Assessment Service
Prevent mobile apps from disrupting your environment
As mobile use and bring your own device (BYOD) continues to increase, hackers are directing their exploits toward mobile apps. This can potentially compromise your network, your intellectual property (IP), and other vital corporate data. To help you safeguard your network and your sensitive data, McAfee® Mobile Application Assessment (McAfee MAA) Service helps you test which apps are at risk.
Key Business Outcomes
■ Discover extensive details about your system: Offers a proprietary and up-to-date mobile app testing process with more than 100 mobile-specific checks that find vulnerabilities, show where they exist, and teach you how to test future apps on your own.
■ Identify your business risks: Documents risks and potential impacts to your business.
■ Build your knowledge: Transfers knowledge of testing techniques, issues, and remediation.
Increase in Mobile Application Development
With the advent of Google Android, Apple iOS, and Microsoft Windows mobile operating systems, mobile app development is booming. And, with smartphone users worldwide today surpassing three billion,¹ there is an ever-growing demand for smartphone apps.
Most companies today allow their employees to bring in personal devices for work-related usage—87% of companies rely on their employees using personal devices to access business apps.² This multiplies threat risks enormously.
Regardless of thin or thick clients, mobile apps are not safe from breaches, as they are often used to access other sensitive data, like personally identifiable information (PII), IP, and financial data. This increases the company’s potential exposure to a cyberattack. And with the average cost of a data breach now at $3.86 million,³ along with the personal damage to each user, cyberattacks can cause significant harm.
Assessing whether your network is protected against threats from mobile devices and their apps is critical. By 2022, it is estimated that consumers will have downloaded 258.2 billion mobile apps.⁴ With so many apps in use worldwide, hackers have a global playing field of potential targets.
It is imperative that your company test for vulnerable apps in your environment. McAfee MAA Service performs penetration testing in your environment to help you understand if your network is exposed.
How Does McAfee Help Show Where You Are Exposed?
At the beginning of the McAfee MAA Service, part of McAfee® Advanced Cyber Threat Services (McAfee ACTS) practice, our experts scope the amount of work required based on the number of dynamic screens, the number of platforms, levels of authentication, hosts to be scanned, and the number of authorization levels, along with other relevant information.
Engagements typically range from two to four weeks. Comprehensive penetration testing is performed—on site or remotely—within given change control windows and during quiet periods.
This comprehensive testing environment consists of simulators, emulators, and actual physical devices. We also specialize in assessing apps developed for iOS, Android, Kindle Fire, Windows Mobile, and BlackBerry platforms.
If needed, we can perform a retest of each of the discovered vulnerabilities within three months of the completion of your engagement. This allows you to validate that your security remediation efforts are resolved and all vulnerabilities have been discovered.
Discover System Details, Identify Business Risks, and Build Skill Sets
McAfee MAA Service addresses your challenges by helping detect vulnerabilities. This is accomplished by understanding your system details, identifying business risks, transferring knowledge, and building your staff’s skill sets so they become more efficient.
First, this service allows us to work within your system to discover vulnerabilities, show you where they exist, report our findings, and demonstrate how to test future apps on your own. Our proprietary and up-to-date mobile app testing process performs more than 100 mobile-specific checks. Discoveries are communicated to you daily, with special attention to providing quality findings. And, since McAfee experts are involved in ongoing research, we can create a vulnerability checklist that is current with the rapidly evolving threat landscape.
Second, a technical report, which identifies business risks, is provided in multiple formats. The report goes through several levels of review before it is finalized. It includes an executive summary, overview of strengths, testing notes, a report card, and strategic recommendations and findings. These documents detail the risks and potential impacts to your business and can help you with risk score calculations.
Finally, the knowledge transfer of testing techniques, issues, and remediation can help you as you go forward in maintaining your sustainability and building your team’s skill sets.
Key Deliverables
■ Daily status report
■ Preliminary findings report, including description of vulnerabilities
■ Testing notes
■ Report card
■ Strategic recommendations: people, process, and technical
■ McAfee MAA Service technical report, including an executive summary and summary of strengths
■ Close-out presentation with findings and recommendations
Detailed Methodology Proves Successful
A significant part of our success is having implemented a proven methodology using best practices. This customized methodology allows the process to be consistent across testers, while enabling them to be creative and leverage their individual “hacking” skills.
We use two risk models for app risk rating and business context: 1) impact plus exploitability; and 2) Common Vulnerability Scoring System (CVSSv2), an industry standard scoring system.
In addition, the McAfee methodology encompasses test scenarios ranging from zero-knowledge “black box” to full-access “white box” testing.
Throughout the McAfee MAA Service engagement, our domain experts verify security domains using this methodology.
Step 1: Discovery
Discover how the mobile app behaves and understand its inner workings.
Step 2: Configuration Management
Review how the app and server components are configured.
Step 3: Authentication
Review app authentication controls.
Step 4: Authorization
Review authorization controls of the app.
Step 5: User and Session Management
Review how the app manages user sessions.
Step 6: Data Validation
Review data input/output flows.
Step 7: Error Handling and Exception Management
Review how the application handles exceptions and errors.
Step 8: Data Protection
Review how the app protects data on the device and in transit.
Step 9: Debugging and Reverse Engineering
Debug and reverse engineer app binaries.
[Figure: McAfee MAA Service Methodology diagram showing the nine domains above]
About This Service
The McAfee MAA Service is part of the McAfee Advanced Cyber Threat Services (McAfee ACTS) practice in the McAfee® Consulting Services portfolio. It is delivered by experts in the McAfee® Customer Success Group (McAfee CSG).
The McAfee ACTS Difference
McAfee domain experts work collaboratively to assess, report, remediate, and continually improve security across all industry sectors globally. Security certified in almost 20 areas, including CISSP, CEH, CISM, GCIH, GREM, and GIAC, we serve as your trusted partner to help resolve your challenges quickly, efficiently, and cost-effectively.
Our robust mix of strategic consulting and technical assessment services offer a unique approach to enhance people, process, and technology across any organization. By engaging with us, you can expect:
■ Confidentiality: We have a proven track record with our clients and colleagues for retaining the privacy of incidents, as outlined in the statement of work.
■ Experience: We have collective decades of experience in conquering the most complex breaches, managing risks, preventing attacks, and building successful security programs using industry best practices and guidelines.
■ Education: We provide advice on how to make it all work—ensuring the right processes and procedures are in place and the most effective tools are used.
■ Proven Methodology: We use a proven Security Engagement Process (SEP) for project management to deliver successful consulting engagements.
About McAfee Customer Success Group
McAfee CSG uniquely brings together support, consulting, education, and customer success as “one team” to help you achieve successful business outcomes in all security lifecycle stages.
Our mission is simple: McAfee is committed to help you successfully deploy, adopt, consume, and realize the value of your McAfee solutions and achieve a stronger security posture.
From onsite incident response assistance, deployment services, and proactive success management to training, self-help resources, and communities, we deliver the people, processes, and tools through our comprehensive Cybersecurity Services portfolio.
[Figure: Customer at the center of Customer Success, Support, Education, and Consulting]
Resources
■ “Trusting Certificates in Android Nougat and Above: Make mobile application penetration testing work for you” white paper.
■ To aid in your security protection, McAfee provides an assortment of free tools, which can be found here.
■ To help with various issues surrounding web application hacking, McAfee provides a variety of videos, which can be found here.
Learn More
Whether you need a first responder to help you quickly
identify and remediate a breach, or a trusted partner
to deliver independent, strategic security guidance, you
can rely on McAfee ACTS. To learn more, visit McAfee®
Consulting Services, or contact your sales account
manager or partner.
1. “Number of Smartphone Users Worldwide from 2016 to 2021” (Statista)
2. “BYOD Usage in the Enterprise” (Syntonic)
3. “How Much Does a Data Breach Cost?” (PCMag)
4. “Number of Mobile App Downloads Worldwide” (Statista)
McAfee does not control or audit third-party benchmark data or the websites referenced in this document.
You should visit the referenced website and confirm whether referenced data is accurate.
2821 Mission College Blvd.
Santa Clara, CA 95054
888.847.8766
www.mcafee.com
McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. Copyright © 2019 McAfee, LLC. 4350_1119 NOVEMBER 2019