Inside Secure Code Protection (Application Security)

Additional Info

CompanyInside Security
Websitehttp://www.insidesecurity.com
Company size (employees)100 to 499

Overview

Code Protection: Instilling Trust Into Your Applications

​Modern applications typically run on open devices (e.g. mobile phones) that are known to be vulnerable to attack. Therefore the devices cannot be trusted by the application developers. This means that developers need to build the applications that are secure regardless of the device environment. This means utilizing​​ tools, technologies and methodologies that allow the applications to protect themselves.

Inside Secure’s Code Protection technology provides powerful automated software protection tools applicable across Mobile, IoT, Desktop and Server platforms.

— Organizations need strong protection proven in the most demanding markets

— Automated code-analysis eliminates human error from the complex process of building a secure application

— Inside Secure integrates into developers’ build systems, enabling any software developer to become a “security expert”

How we are different

-- ANTI-TAMPER


The integrity of an application and its function is achieved by tamper-proofing the application code itself. Tamper proofing is achieved by use of the Code Protection Tool to render an application resistant to analysis, change or manipulation by a hacker.


Tamper proofing means that an attacker cannot​ modify an application to insert malicious code; dynamically analyze an application with “known” conditions, or change the code to observe the effect the change has;​ remove other protections such as root detections;​ or lift components (such as white-boxes) out of t​​​he application to make them easier to​ ​analyse.


At the heart of this is a run time integrity network embedded throughout the application code. This detects and responds to any attempts to analyse, reverse-engineer or otherwise manipulate the application. Attackers trying to compromise the application or other security measures (e.g. white-boxes) will find their room for ​maneuvering so highly restricted to the point that they cannot do any useful work.


-- OBFUSCATION


Obfuscation on its own is not application protection; but it can be a useful technique to have as part of wider defences. Application developers should hide sensitive data in software and obfuscate sensitive code. The obfuscation applied by Inside Secure's tool greatly hinders an attacker’s ability to statically analyse an application.


Integrated directly with the integrity network, and further hardened by it, Inside Secure's Code Protection provides multiple powerful Obfuscation techniques that render reverse engineering and static analysis impractical, ensuring that even elite hackers will move on to softer, less frustrating targets.


-- AUTOMATED, NOT MANUAL


It is important to ensure that there are no gaps in the protection that can be exploited. Inside Secure's Code Protection Tool works on an automated model to protect code. It first dynamically analyses the software, then uses that analysis to determine where best to insert the