Booz Allen Commercial delivers advanced cyber defenses to the Fortune 500 and Global 2000. We are technical practitioners and cyber-focused management consultants with unparalleled experience – we know how cyber-attacks happen and how to defend against them.
Our strategy and technology consultants have empowered our international clients with the knowledge and experience they need to build their own local resources and capabilities.
In facing challenges of modernization, our Middle East and North Africa clients have complex requirements that benefit from our proven experience in guiding major programs and projects for governments and private-sector organizations. The services we offer in UAE, Qatar, Egypt, Turkey, Kuwait, Morocco, Jordan, and other regional countries build on our consulting legacy.
Our clients call upon us to work on their hardest problems—delivering effective health care, protecting warfighters and their families, keeping our national infrastructure secure, bringing into focus the traditional boundaries between consumer products and manufacturing as those boundaries blur.
Booz Allen was founded on the notion that we could help companies succeed by bringing them expert, candid advice and an outside perspective on their business. The analysis and perspective generated by that talent can be found in the case studies and thought leadership produced by our people.
Learn more about Booz Allen's diverse culture and environment of inclusion that fosters respect and opportunity for all employees.
We've come a long way delivering innovative solutions. But our next chapter is still being written.
Our 22,600 engineers, scientists, software developers, technologists, and consultants live to solve problems that matter. We’re proud of the diversity throughout our organization, from our most junior ranks to our board of directors and leadership team.
Booz Allen takes pride in a culture that encourages and rewards the many dimensions of leadership—innovative thinking, active collaboration, and personal service. We’re particularly proud of the diversity of our Leadership Team and Board of Directors, among the most diverse in corporate America today.
We carry our lives around on our phones.
You hear it all the time and it's true. But as "bring your own device" becomes the norm in private enterprise and government, we're increasingly toting more than just our own lives. Through enterprise mobility apps we're carrying around access to company networks, proprietary data, sensitive customer information, and more.
With that kind of accessibility, a single compromised device could mean severe consequences for organizations and the lives of their customers and employees. If you're charged with developing, integrating, or maintaining mobile apps, you had better be certain that they're secure.
That’s why Booz Allen created AppCritique, to make it easier to thoroughly vet Android and iOS mobile apps for security vulnerabilities.
Today’s enterprise mobile app developers have their hands full. The mobile development ecosystem evolves at a rapid pace—far faster than the PC software world. Android and iOS software application program interfaces (APIs) change on a 9-month basis. Keeping apps updated with these latest features along with security fixes from Google and Apple is beyond a full-time job. Simultaneously maintaining full awareness of known vulnerabilities and threat actor’s evolving tools, techniques, and procedures is a juggling act that’s next to impossible.
AppCritique’s free, fully-automated mobile app vulnerability analysis service puts uploaded apps through dozens of checks, including for some of the latest detectable vulnerabilities. By providing detailed security reports within hours or even minutes, it frees app developers to better concentrate on delivering in-demand features and capabilities that take full advantage of iOS and Android’s latest functionality.
Booz Allen's Corey Garst and Chris Forant lead the project team that developed AppCritique. Corey is an expert in mobile security research and analysis, while Chris is an app developer and cybersecurity expert who works with our U.S. intelligence community clients.
“Some of Booz Allen’s best app developers, malware analysts, and penetration testers created AppCritique. We designed this unique tool to generate the most comprehensive mobile app security reports possible,” says Corey. “Our engine is built for flexibility, so we often add security checks based on evolving platform documentation, emerging appsec research, and industry awareness publications like the Open Web Application Security Project Top 10.”
“Our best app developers, malware analysts, and penetration testers created AppCritique. We designed it to generate the most comprehensive mobile app security reports possible.”
The degree to which we succeeded at that goal—creating the most comprehensive mobile app security reports possible—is perhaps best demonstrated by the fact that the AppCritique team helped the National Institute of Standards and Technology (NIST) create the industry’s first unified list of the capabilities and techniques used to identify vulnerabilities in mobile applications. NIST, a physical sciences laboratory within the U.S. Department of Commerce, supplies standard reference materials for industry, government, and academia as part of its mission.
Corey is proud to bring much of AppCritique’s industry-defining core functionality to the public for free. “AppCritique’s automated assessment is in a league of its own as far as free tools go,” he says.
Automated scans and reports are the be-all and end-all for most mobile app security vetting services, but with AppCritique’s paid tier, AppCritique Pro, they’re only the starting point.
For AppCritique Pro, elite cyber practitioners like Chris and Corey deliver written reports that are
“The AppCritique team brings together a unique mix of experts from government, defense, and private enterprise,” says Chris. “Our clients benefit from an encompassing, cross-sectoral understanding of the threat landscape.”
For organizations, that means the ability to get proactive about securing their networks and data against the elevated risks brought by increased enterprise mobility. For app developers, it means the power to work with the confidence that their products are secured to the full extent possible.