Dagah: Penetration testing for enterprise mobility programs
Shevirah Inc. will unveil at Black Hat USA 2016 the free version of dagah – a product that empowers security test teams to assess the security posture of their mobility programs including the users, devices, configurations, and applications.
Dagah is the creation of Georgia Weidman, one of the most trusted penetration testers working today. After years of working directly with corporations and individuals testing mobile devices for malware, Weidman developed dagah so infosec experts can detect and stop dangerous downloads from destroying devices or putting networks at risk.
“Corporate enterprises are throwing money against the threats they perceive from mobility security: BYOD, CYOD, Corporate-Owned, but they don’t measure whether or not these programs work nor continuously monitor their security posture,” said Weidman. “We built dagah to extend corporations’ testing, auditing, and monitoring programs to their mobility systems.”
The dagah mobile penetration testing software automates what today is a labor-intensive, manual process of assessing the security of the mobility system.
With today’s release, penetration testers and corporate red teams can immediately begin to automate their testing programs for mobility.
The free version comes complete with professional features such as a full GUI and reporting capabilities, as well as the traditional command line interface.
In Q3 2016, Shevirah will release the professional version of dagah with features that automate the process of testing mobile systems. In Q4, they will release the Enterprise version, which integrates directly into corporate security infrastructures and makes mobility testing as seamless as vulnerability scanners and web testing tools.
“Pokemon Go showed that even innocent mobile applications from reputable companies can jeopardize mobile phone security,” Weidman said. “But most organizations don’t even know what users are doing with their phones or the corporate data that’s on them.”
You get what you measure, but few enterprises are measuring the posture of their mobile security. As malware shifts to mobile, enterprises need to understand how malicious applications could affect them and their data.
Georgia will demonstrate dagah on Thursday at Arsenal from 4 to 5:50 pm, and will use it to send out attacks against Android phones and show what the penetration tester would learn from successfully accessing the phones.