Mobile devices offer a great user experience option, but they attract significant risk as attackers disassemble your application to facilitate an attack on your servers.
By conducting testing on the application before it goes live you can understand the risks and put in place fixes or mitigations before you are faced with a breach.
Out testing leverages the great work undertaken by the OWASP (Open Web Application Security Project) as we follow their guidelines and provide our reports in alignment with their top 10 and WebApp testing framework. This means you have a report and findings that relate to terms and risks recognised by the rest of the security industry.
We use both automated and manual testing methods to ensure the common and unusual/unique aspects of your application are tested.
As a minimum the following are undertaken:
- Security of the communication between the app and the server.
- The types of communication between the app and the server (APIs, REST, HTTP etc).
- The installation method and security of the app (its permissions and loading of other device files or hard coded libraries etc).
- Account requirements and registration process.
- Session management, session handling client side.
- Certificate management (HSTS, certificate pinning and other session protections)
- Data storage on the device (use of encryption, file permissions inherited, ability for other apps to alter stored data, log security).
- Other client side attacks (SQL Injection to the app or it’s database from another client app)
- Embedded passcodes, certificates and other bad practices that can result in both client and server compromise.
If you would like more information, please contact us here and we will arrange a scoping call.