Identifying and Mitigating Security Vulnerabilities within Mobile and Web Apps

Abstract

Whatever products manufactured here at Philips Healthcare may it be Internet of Things goverened products, healthcare suites, medical appliances, mobile apps, various hardware devices used to develop several healthcare etc. All these products falls into scope of SCoE. At SCoE we have to validate and ensure products to keep them secured. Starting from network vulnerability, O.S. patches, 3rd party library risk assessments, mobile apps static and dynamic pen-test, code review, fortifying computer networks, se- curing IOT and much more is covered under role for SCoE. Based on open vulnerabilities they are classified as per severity and is reported to its concerned developing team, who has to resolve it. The main motive is to bring secure devices and services since healthcare domain having much critical medical data of patients. Miss-use of which leads to risk of someones life. In other way not being doctors SCoE team members are medic who saves lives. Leaded by manager Minatee Mishra who also has aim of making aware of general things which developers do, so we also have to conduct sessions of security awareness and best practices frequently. Inter communication between medical devices has tremendous volume of data to be exchanged and in many formats. Some devices are made having communication medium as Bluetooth, they are analyzed using ubertooth to snif things and ensure that things are not going in clear-text and not fuzz-able state. One of the biggest stake is held by analyzing web-services which governs all mobile apps, web apps, IOT devices.