Strong protection proven in the most demanding markets
Automated code-analysis eliminates human error from the complex process of building a secure application
Integrates into your developers' build systems enabling any software developer to become a "security expert"
Modern applications typically run on open devices (e.g. mobile phones) that are known to be vulnerable to attack. Therefore the devices cannot be trusted by the application developers. This means that developers need to build the applications that are secure regardless of the device environment. This means utilising tools, technologies and methodologies that allow the applications to protect themselves.
Inside Secure's Code Protection technology provides powerful automated software protection tools applicable across Mobile, IoT, Desktop and Server platforms.
The integrity of an application and its function is achieved by tamper-proofing the application code itself. Tamper proofing is achieved by use of the Code Protection Tool to render an application resistant to analysis, change or manipulation by a hacker.
Tamper proofing means that an attacker cannot:
- Modify an application to insert malicious code;
- Dynamically analyse an application with “known” conditions, or change the code to observe the effect the change has;
- Remove other protections such as root detections;
- Lift components (such as white-boxes) out the application to make them easier toanalyse.
At the heart of this is a runtime integrity network embedded throughout the application code. This detects and responds to any attempts to analyse, reverse-engineer or otherwise manipulate the application. Attackers trying to compromise the application or other security measures (e.g. white-boxes) will find their room for manoeuvre highly restricted to the point that they cannot do any useful work.
The integrity network created by Inside Secure's anti-tamper technology enables the application to defend itself. The integrity network creates a strong foundation on which to build other security techniques (such as Obfuscation). Without this foundation, these other techniques are easily and quickly broken down by even novice hackers.
Obfuscation on its own is not application protection; but it can be a useful technique to have as part of wider defences. Application developers should hide sensitive data in software and obfuscate sensitive code. The obfuscation applied by Inside Secure's tool greatly hinders an attacker’s ability to statically analyse an application.
Integrated directly with the integrity network, and further hardened by it, Inside Secure's Code Protection provides multiple powerful Obfuscation techniques that render reverse engineering and static analysis impractical, ensuring that even elite hackers will move on to softer, less frustrating targets.
Automated not Manual
It is important to ensure that there are no gaps in the protection that can be exploited. Inside Secure's Code Protection Tool works on an automated model to protect code. It first dynamically analyses the software, then uses that analysis to determine where best to insert the integrity network checks. This gives an optimised integrity network to the profile of the specific application.
In practice, this means the number of checks inserted is an order of magnitude higher than those achieved with a manual or scripted injection approach.
Inside Secure's Code Protection Tool protects against hackers who have unlimited access to deployed versions of the program, and to resist tampering and reverse-engineering even when hackers can experiment with copies of the protected programs over extended periods of time. A software program becomes its own protection system which cannot be switched off or separated out.
If a hacker tries to analyse, debug or attack the application, he will be faced with multiple pre-programmed responses, none of which allow him to understand the security architecture. He just knows that the App stops, crashed or calls for help.
Code Protection is designed for all platform environments… especially high-performance, dispersed and highly hostile - including Mobile & IoT.
Code Protection integrates directly into your software build system. The tools analyse your code both statically and dynamically then automatically injects an optimized schema of various security fragments into a copy of your source, which your developers then compile and build as normal.
Developers never have to interact with the structure of the protection or the codebase; this is all handled as part of the automated build process.
Learn how Inside Secure's Whitebox Tool can keep data and cryptography within your application safe.