data security and cryptography

the research and technology group for data security and cryptography


Date of approval: 2016/04/20

The group leader :Gholamreza Ahmadi

The primary pursuits of the research and technology division include:

Web and network penetration testing, network security evaluation, and security certificate issuance

Program for the Research and Technology Unit:

The majority of firms nowadays use software and applications that are integrated into their organizational and operational frameworks. This integration is so clear and thorough that, occasionally, a firm may be challenged and even suffer financial losses as a result of a software failure.
Unfortunately, abusers and hackers are aware of this level of importance, which has led to a variety of hacker assaults and security concerns on modern organizations' software, which raises the following question: Do businesses have the appropriate safeguards in place to create secure software that meets all requirements?

We might use Gartner's data in response to the query, which states that 90% of software vulnerabilities result from a lack of consideration for software security during the program development life cycle (SDLC).

It is anticipated that the number and use of mobile applications in various industries will continue to rise in the future. In recent years, the use of smart phones and mobile applications, particularly in the context of the Android operating system, has substantially increased. Security issues have always been a problem with mobile applications on the Android platform because of its open-source nature.

Since mobile applications are placed on actual mobile devices, intellectual property owners do not have complete control over them. As a result, it's feasible for a hacker to gain access to it quickly and exploit it in various ways (including through reverse engineering and text modifications in the code). Additionally, some malware can enter an installed software program during execution and gain access to its crucial data.

 

Consequently, these are the group's objectives:


• Adoption and thorough use of global standards and procedures in the study of mobile vulnerabilities

• Mobile application testing

• Keeping the vulnerability and penetration method database up to date.

• Performing several tests for apps simultaneously while being as efficient and quick as possible.

• It's simple to use and doesn't require specialized information security knowledge.

• Automated execution of each security test in each of the three categories—vulnerability scanning, security analysis, and risk analysis.

• conducting security tests using only the software's apk file and in a completely blind fashion.

• Selecting and educating distinct teams in each of these areas

• Offering provincial offices security consultations

• Establishing the provincial and organizational CERT working groups