App Auditor is an application security scanner that can uncover configuration errors, authentication and access control issues, missing security updates, or any insecure combination of settings that could lead to elevation-of-privilege attacks, data loss, denial-of-service (DoS), or unauthorized modification of data held within database servers.
Our audit policy engine helps you identify technical vulnerabilities and categorize their risks and impact so that you can evaluate and implement safety measures. The tool generates detailed, prioritized recommendations on how to fix them as part of the regulatory final report to protect your IT assets from unwanted activities. Through its simple setup and easy-to-use interface, you can immediately discover, assess, and report on the security, risk, or compliance posture of any application store within your environment (on premises or in the cloud) in minutes.
The following areas of security have been incorporated into the App Auditor.
- Encryption to Protect Sensitive Information
- Authorization for the Use of Encryption Solutions
- Securing Information Stored on Mobile Computing Devices
- Use of Digital Signatures
- Use of Non-Repudiation Services
- Encryption Key Recovery
- Managing Encryption Keys
- Renewal and Expiration of Encryption Keys
- Compromise of Encryption Keys
Complete, Accurate, and User-Friendly Application Security Solution: prepackaged application security controls based on OWASP guidelines, standards, and regulatory requirements (e.g., SOX, FINRA, etc.).
Questionnaire results are presented along with assessment results for a complete end-to-end report on the data store being reviewed.
Complete questionnaire customization capabilities together with annotation, exception, and suppression features.
Fully Scripted Application Security, Risk, Control, and Compliance Questionnaire Development: Create or customize from a number of Automated inventory, testing, information collection, and analysis enable you with the intelligence to harden the security of your web applications (intranet, extranet).
Identify new or rogue installations, develop security rules, perform safe pen tests, audit for policy inconsistencies, and deliver comprehensive reports on the security of your web and mobile applications from every possible direction.
Agent-less data security scanning that can remotely discover, assess, and report on the security posture, risk profile, and compliance status of all of your relational databases and big data stores.
Administer and Manage Application Security Assessment Results and Remediation Jobs: Digital signatures are used when there is a legal, contractual or business need to verify the author or integrity of a document. Digital signatures are always used when sending or receiving personally identifiable information of customers or employees. Digital signatures are implemented using an encryption technique based on a uniquely related pair of keys, where one key (the private key) is used to create the signature and the other (the public key) is used to check it.
Reporting facilities to communicate data security weaknesses and policy violations to various team members in your organization (colleagues, executives, and technicians).
Complementary and Compatible Security Solution: Audit trail logs are created and are active at all times and protected from unauthorized access, modification and accidental or deliberate destruction on all Company information resources that contain confidential information. Activities that can be logged include, but are not limited to:
• All successful and unsuccessful login attempts
• All logoffs
• Additions, deletions and modifications to user accounts/privileges
• Users switching IDs during an online session
• Attempts to perform unauthorized functions
• Activity performed by privileged accounts
• Modifications to system settings (parameters)
• Access to restricted data
• Additions, deletions and modifications to security/audit log parameters
Continuously Updated Data Security Knowledgebase: Updates – An extensive and continuously updated knowledgebase of security anomalies, application security, mobile security best practices, configuration database, and vulnerabilities.
Supported by our own application security research and development team to identify, design, develop, and integrate their knowledge, intelligence, and visualization best practices into App Auditor.