SYM is a Mobile Security Solution to Analysis Mobile Apps for Malware , Malicious Behaviours and Vulnerabilities.
SYM Provide two Main Solutions : SYMB and SYMA.
SYMB (Secure Your Mobile Business)
Static Analysis (SAST)
- In SAST, application is tested from the inside out. It analyses the source code or binary without executing the application. It does not rely on the runtime environment. It can be used to test code during development, caching vulnerabilities early on. SYMB in SAST, Analysis code vulnerabilities, App Manifest Misconfig and vulnerabilities, App Components vulnerabilities Such as Activity or Providers vulnerability and Binary libs, App Permissions, App Certs etc. SYMB doesn't need any source of your App, just upload your APK/IPA and get the reports.
Dynamic Analysis (DAST)
- The focus of DAST is the testing and evaluation of apps via their real-time execution. The main objective of dynamic analysis is finding security vulnerabilities or weak spots in a program while it is running. Dynamic analysis is conducted both at the mobile platform layer and against the back-end services and APIs.
Mobile Malware Analysis
- SYMB Scan Your Apps with more than 60 Antivirus in it’s Cloud To detect any Malware or Harmful Components. Furthermore, SYMB checks if any App Use Malware Evasion Techniques such as Packer, Dropper, Anti-sandbox techniques, Crypter, Binder.
- SYMB Check Apps Hard-coded URL/IP for detecting any phishing, Botnet and C&C Servers.
Malicious / Suspicious Behaviours Analysis
- SYMB checks Apps For Malicious Behaviours that can’t find with Malware Analyzer module Such As Record Sound / Video, Read WIFI credentials, Read Sim Card info, Read Contact List, Send SMS, Make Phone Calls, etc Without user Permission.
- Many Apps use API to connect to its Backend server for transfer Data and so on. SYMB Can Analysis API for Detecting Vulnerabilities Such As cryptography, Server Side Auth and others based on OWASP Top 10 - 2017.
Code structure Checker
- SYMB finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and in more than 23 categories.
OWASP, PCI-DSS & Other Compliance Report
Get complied with industry standards / best practices like OWASP, MASVS, MSTG, PCI-DSS, SOX, HIPPA, NIST.