Mobile Security Assessment

In the evolving world of technology, mobile applications are becoming more dominant than ever, and this evolution has created a full range of new attacks.

Mobile security testing delivers coverage across the complete mobile app environment, from the local app running on-device to the back-end web services. We identify vulnerabilities in mobile applications and prioritize remediation guided by the OWASP Application Security Verification Standard.
Threat profiling is not limited to the following key areas. We cover all aspects of security, including:

» Poor authentication and authorization
» Improper session handling
» Data flow issues
» Side channel data leakage
» Insecure data storage
» Server-side controls strength
» Deficient transport layer protection
» Client-side injection vulnerabilities
» Cryptography
» Confidential information disclosure

Threat modelling makes it possible to identify the threats that have the greatest potential impact on the application. This phase should be used to prioritize specific application components. The testing team should familiarize themselves with the general architecture and usage scenarios for the application.
The vulnerability analysis phase of testing should employ automated scans to complement an intensive manual inspection of application components.
During the exploitation phase of the assessment, an in-depth analysis is performed for common insecure programming practices and custom security mechanisms within the application. During the reporting phase, all the vulnerabilities identified in the above phase should be documented. The report contains the gaps identified and their risk ratings, along with remediation measures.
