Mobile Penetration Testing Software
Chief Information Security Officers worrying about the risks of corporate data on Bring Your Own Device (BYOD) programs require a method to test the security of these new end points.
Shevirah is the only technology that can measure the whole security posture of an enterprise’s mobility program: the users, the device, the applications, and the infrastructure.
Given only a phone number, Shevirah can phish mobile users via SMS, QR Codes, NFC or send client-side attacks to simulate how hackers would exploit users
Given the installation of a simulated malicious application, Shevirah measures the potential impact of malicious applications on users’ devices and corporate management settings
Simulated phishing attacks can gather basic information, user credentials, or attempt to side-load a simulated malicious application
Works against Android and iOS smartphones and devices
Available soon in free, professional, and enterprise versions
Mobility Testing Services
- For companies without standing penetration test teams, but still worried about the security of Mobility Programs, Shevirah offers the value of the Shevirah software as a service offering.
- Shevirah conducts a week-long penetration test of customer’s mobile device infrastructure
- Shevirah security professionals run multi-faceted attack on mobile devices simulating methods used by modern hackers
Security Awareness/Remediation Training
- Shevirah offers on-line, short training modules on the risks of mobile device attacks and how to maintain good security hygiene with mobile
- Proven to improve user resilience against phishing and client-side attacks
Penetration Test Training
- Shevirah offers 3-day class on how to conduct penetration testing of mobile devices and the Internet of Things
- Instructor Georgia Weidman covers all the methods used by the Shevirah Red Team in conducting penetration tests of mobile systems including phishing, man-in-the-middle, rogue access point, rogue cell tower, client-side, and remote attacks
Social Engineering Penetration Testing
- Shevirah conducts a simulated phishing attack against customer’s mobile users
- Shevirah authors real-world phishing messages, texts, messaging-application messages, and payloads and sends them using simulated methods used by modern hackers
Famed security researcher and author Georgia Weidman founded Shevirah in 2015 to commercialize software for penetration test teams to assess mobile security solutions leading to more secure enterprise endpoints: smartphones, tablets, wearables, and the Internet of Things. As hackers shift methods from traditional remote network attacks to social engineering and new endpoint attacks a gap in enterprise testing has emerged. Shevirah closes that gap with software for internal test teams and services for businesses without their own standing team.
In 2012, Weidman recognized that there was a parallel between where mobile security was and where network security was in the early 1990s.
In the early days of network security, Firewalls and Intrusion Detection Systems emerged and enterprises quickly deployed them against hackers. But hackers knew how to evade them through fragmentation, and Christmas Tree Attack. Once the first penetration testing software was available for enterprises to test their own defenses, these hacker techniques were discovered, simulated against network protections, and gaps were discovered. The network security solutions got better and more resilient. Weidman knew that Mobility needed a similar renaissance. She applied for and won a DARPA Cyber Fast Track grant to build what became the Smartphone Pentest Framework, which she released to the open source community.
Her company Bulb Security provided training and support for mobile penetration testing until the formation of Shevirah.
Weidman joined with inventor and entrepreneur Mark Longworth to bring Shevirah’s software and services to market. Longworth is a veteran of the 1990s network security market where he invented the NetWitness network forensics analysis tool, now RSA Security Analytics.
The team is rounded out with Charles Bobbish who is a corporate development expert and entrepreneur.
Mark Longworth, CEO
Inventor, software developer, security expert, systems engineer, and intelligence officer: Longworth has demonstrated his versatility and ingenuity in his 25 years of professional experience in and around the National Security Community.
After leaving the government, Longworth formed Forensics Explorers as a vehicle to market and advance his patented invention: NetWitness, now RSA Security Analytics. Longworth served as Forensics Explorers’ General Manager growing it from $0 to $4m in revenue until its sale to ManTech International in 2002. The NetWitness company spun off from ManTech and later sold to RSA in 2011. In May of 2005, Longworth joined Tenacity Solutions, a cyber security services firm. As Chief Strategist, Longworth led the growth from $2m to over $35m in revenue, lead the capture of a $100m prime contract, and grew the sales pipeline to $1.2b. In 2014, Tenacity sold to CSC. In January 2016, Longworth joined Shevirah Inc. to commercialize mobile device security testing solutions.
Georgia Weidman, CTO
Shevirah founder and CTO Georgia Weidman is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, and author. She holds a MS in computer science as well as holding CISSP, CEH, and OSCP certifications. Her work in the field of smartphone exploitation has been featured internationally in print and on television. She has provided training at conferences such as Blackhat USA, Brucon, and CanSecWest. Georgia founded Bulb Security LLC, a security consulting firm specializing in security assessments/penetration testing, security training, and research/development. She was awarded a DARPA Cyber Fast Track grant to continue her work in mobile device security culminating in the release of the open source project the Smartphone Pentest Framework (SPF). She founded Shevirah Inc. to create product solutions for assessing and managing the risk of mobile devices in the enterprise and testing the effectiveness of enterprise mobility management solutions and is a graduate of the Mach37 cybersecurity accelerator. She is the author of Penetration Testing: A Hands-On Introduction to Hacking from No Starch Press. She was the recipient of the 2015 Women’s Society of CyberJutsu Pentest Ninja award. She is on the board of advisors of the angel backed security training startup Cybrary and the nonprofit Digital Citizens Alliance.
Charles Bobbish, COO
A senior executive with over twenty years of experience in profit/loss management, international business, systems engineering and technology in diverse Government and commercial environments. In depth experience in support of U.S. Government international activities. Buy- and sell-side acquisition experience. Successful entrepreneur, having founded and sold a government services company.
For more information on Shevirah’s testing solutions to mobility risks, please contact us using the form on this page. Shevirah is accepting pilot users for its Shevirah Professional mobile penetration testing software. Contact us to participate in these pilots.