Article

MWR launches Drozer and Needle website

The new website provides user guides, blogs and examples to make it easy to track the development and utilise new features in both tools.

What do you keep close to you almost constantly but that can potentially cause you and your business untold amounts of harm?

The answer: iPhone or Android, Windows or Blackberry, the mobile is modern life’s essential accessory. 

And with mobile applications being increasingly used for such sensitive operations as personal and corporate finance, communication and even romantic liaisons, the lure for attackers is bigger than ever. Indeed, Gartner predicts a sea change this year in what attackers target, with endpoint breaches likely to centre on mobile devices as opposed to the traditional targets of laptops and desktop computers. Furthermore, vulnerabilities or misconfigurations at an application level, as opposed to a device level, are expected to cause 75% of mobile security breaches[1].

To prevent such vulnerabilities and misconfigurations, thorough testing during an application’s development is essential, which is why MWR’s drozer and needle were created. Drozer, launched in 2012 as Mercury, and needle, launched in 2016, streamline the assessment of mobile devices to allow for the effective assessment of mobile applications without the need for multiple tools. Drozer assesses Android applications; Needle Apple iOS.

Now MWR has launched a new website to provide user guides, blogs and examples to make it easy to track the development and utilise new features in both tools. Visitors to the site can use such functions to identify weaknesses in mobile applications as soon as support is added to support the identification of new vulnerable areas 

Mobiletools.mwrinfosecurity.com includes user guides that cover such operations as installing the tool, starting a session, using it for application security assessments and installing modules. Developers can use these guides to get to grips with both tools in order to highlight weaknesses before they are introduced into applications under development and can integrate them into existing secure development lifecycles. 

Drozer and needle are also key tools for security professionals, providing them with a framework for modules to be developed to target specific vulnerability identification and an easy way for integration. For example, security consultants employed by an organisation can use drozer or needle in a red team exercise, where they have an open scope to attack assets belonging to a company to test its digital infrastructure and security standards. The tools allow them to expand the attack surface to include mobile devices as a path of entry into a company’s network.

Commenting on the site launch, MWR’s Group Professional Services Director Martyn Ruks said: 

“Drozer and needle are essential tools for assessing an application’s security from both a developer’s and a corporate security professional’s perspective. The development of both tools has been driven by substantial feedback from the security community and the new website will further encourage collaboration in allowing anyone to contribute to and advance the tools to allow for improved assessment techniques.”

[1] http://www.gartner.com/newsroom/id/2753017

 

 

Accreditations

MWR is an accredited member of The Cyber Security Incident Response Scheme (CSIR) approved by CREST (Council of Registered Ethical Security Testers).
MWR is certified under the Cyber Incident Response (CIR) scheme to deal with sophisticated targeted attacks against networks of national significance.
We are certified to comply with ISO 14001 in the UK, an internationally accepted standard that outlines how to put an effective environmental management system in place.
MWR is certified to comply with ISO 27001 to help ensure our client information is managed securely.
As an Approved Scanning Vendor MWR is approved by PCI SSC to conduct external vulnerability scanning services to PCI DSS Requirement 11.2.2.
We are members of the Council of Registered Ethical Security Testers (CREST), an organisation serving the needs of the information security sector.
MWR is a supplier to the Crown Commercial Service (CCS), which provides commercial and procurement services to the UK public sector.
MWR is a Qualified Security Assessor, meaning we have been qualified by PCI to validate other organisation's adherence to PCI DSS.
As members of CHECK we are measured against high standards set by CESG for the services we provide to Her Majesty's Government.
MWR’s consultants hold Certified Simulated Attack Manager (CCSAM) and Certified Simulated Attack Specialist (CCSAS) qualifications and are authorized by CREST to perform STAR penetration testing services.