enterprisesecuritymag

Appknox: Proactive Security

Prateek Panda, Co-Founder & CMO

Businesses are fast adopting mobile technology for the benefits it offers in engaging with customers, such as time savings, convenience, and cost-effectiveness. To achieve faster time to market and reach more customers, businesses often rush to release mobile apps without complete security testing. This is primarily because security testing isn’t able to keep up with the fast software development lifecycle of mobile apps: a typical manual penetration test takes around 20-30 days to complete. However, because the mobile ecosystem is open-ended, with high connectivity and a constant flow of data, such apps often fall victim to exploitation by cybercriminals. The consequences are damage to business reputation, business discontinuity, and loss of customer loyalty and capital. In response to such challenges, Harshit Agarwal, Subho Halder, and Prateek Panda founded Appknox in 2014 with the objective of building a safe and secure mobile ecosystem for businesses, developers, and users. Using its automated-system-plus-human approach, Appknox enables customers to proactively detect and resolve security issues in their apps in a more efficient, time-saving, and cost-effective manner before launching them in the stores.

Appknox undertakes three levels of scanning on the customer's apps. The Static Application Security Testing (SAST) level examines the application binaries and checks for basic issues such as configuration issues, permissions being used, and incorporation of the appropriate libraries. The Dynamic Application Security Testing (DAST) level tests the app at runtime, comprehensively analyzing it and detecting loopholes to help businesses secure their apps against runtime and network attacks. Finally, the Manual Application Security Testing (MAST) level involves a thorough manual check of business logic and features by Appknox's security researchers, completed in around three to five days, to detect threats. All of the above tests are available for both Android and iOS platforms. "Appknox ensures that the security testing is done in parallel with the software development lifecycle," says Panda, the Co-Founder and CMO of Appknox.

The company also offers easy-to-comprehend reports that help even readers without a security background understand vulnerability issues, their causes, and methods to fix them.

With no security vendor guaranteeing 100 percent security, Appknox encourages a combination of multiple security solutions, such as active monitoring, obfuscation, and bug bounty programs, to assure timely detection of vulnerabilities and development of an action plan to combat a cyber attack. Active monitoring systems help secure an app in real time while it is under active attack, and obfuscation safeguards the privacy of sensitive online data. Bug bounty programs reward the discovery and reporting of security problems in a company's channel. Appknox also invests heavily in training its security staff for a more comprehensive awareness of security issues.

Appknox was employed by one of the largest global fast-moving consumer goods (FMCG) companies to undertake the testing of its five mobile apps. Appknox effectively managed the security testing for the apps and within six months began handling another 400 of the customer's apps. The rapid testing provided by Appknox reduced the customer's app security clearance timeline from 15 to 2 days without the addition of any headcount or costs. Appknox helped the customer detect and remediate more than 150 high-level threats in their outsourced apps and continues to offer ongoing security testing.

From its initial focus on the Asian market, the company is now aiming for global expansion and has acquired 12 partners in countries such as Japan, France, the U.S., Australia, and Korea. "We have enabled our partners to offer fully-functional and easy-to-use white-labeled solutions, where they can preserve their branding," says Panda. Considering its burgeoning status in the U.S. market, the company is set to double its efforts to expand in that country. Also, with a partner on board, Appknox will have a presence in the Middle East next month.