BENGALURU, APRIL 18, 2012: Paladion has recently launched Application Security tools for mobile enthusiasts. The tools, ‘InsecureBank’
Paladion's Vulnerable Andriod application named "InsecureBank"
o Information Sniffing due to Unencrypted Transport medium
o Sensitive information disclosure via Property Files
o Sensitive information disclosure via SD card storage
o Sensitive information disclosure via SQLite DB
o Sensitive information disclosure via Device and Application Logs
In addition, Paladion's Mobile Security Team has developed an automation script which is helpful in quick static analysis of Android Vulnerabilities. The script is a batch file, which prompts the user to provide the path of the android application code to be analysed. The script has detection parameters pre-configured in it which run over the android application code. The result is a list of text files - one each for different vulnerability. These text files are the primary source of vulnerability identification. Sometimes it may not directly flag off vulnerability but may act as the pointer from where to start with. This script is very useful in case of bigger applications.
List of key Checks that that the Script would be testing for:
o Code to check for presence of HTML Sensitive Information
o Code to check for insecure usage of SharedPreferences
o Code to check for possible TapJacking attack
o Code to check usage of external storage card for storing information
o Code to check for possible scripting javscript injection
The tools can be downloaded at: http://www.paladion.net/
For further information pls contact: piyali.guha@
About Paladion-
With a global footprint across 30 countries, Paladion is a specialized and strategic partner for information risk management to leading organizations across industries including, BFSI, ITES, Telecom, Manufacturing. It is the largest and the fastest growing pure-play information security player in Asia (as ranked in Deloitte Technology Fast 500 Asia Pacific & Technology Fast 50 India - 2006, 2007, 2008, 2009, 2010 & 2011). Gartner too has included Paladion in its rating of “MarketScope for Managed Security Services in Asia Pacific” – 2008 & 2009 as ‘Promising’
Having over a decade of experience in the information risk management domain, Paladion today is actively managing risks for over 700 customers. Paladion provides end-to-end information risk management solutions comprising security assurance, compliance, governance, monitoring and management services to large and medium sized organizations for existing as well as emerging risks.
Paladion also offers solutions for communication interception to law enforcement agencies and service providers. Paladion’s information risk management solutions have been awarded by Asian Banker, Red Herrings, and Financial Insights. Paladion has been recognized in the SI 100 Top 10 Enterprise Security Companies 2011. Paladion is involved in several information risk management research forums and has authored books on the same. The whitepaper, Phishing Threat Intelligence Report H1 2011 by Paladion Labs, has been awarded the Global Excellence Award 2012 by Info Security Products Guide.
Please visit www.paladion.net for more information
-End-
# # #
Paladion provides end-to-end information risk management solutions comprising security assurance, compliance, governance, monitoring and management services to large and medium sized organizations for existing as well as emerging risks.
