In this rapidly changing world, mobile applications are becoming more dominant than ever. Mobile application developers and enterprise users face a full range of new attack vectors that have not been seen before and were not relevant in the world of web applications.
CYFORT has been performing penetration testing and code reviews for all platforms of mobile applications and has crafted a methodology to address risks and security issues in these platforms early in the development process, as well as to implement compensating controls for the more mature and solid mobile applications.
Our security experts incorporate state-of-the-art technologies to test mobile applications and analyze the security state of the application.
We have dedicated environments for testing both iOS and Android applications. These dedicated environments allow us to test and analyze the application optimally, in its real environments and on real devices.
During the testing, we simulate a multitude of attacks, both general application attacks and mobile-specific attacks.
The testing simulates a real hacker and what he can do to penetrate the application and retrieve confidential data.
Additionally, we analyze whether an application has a positive or negative effect on the environment it uses, and hence whether it compromises the overall security status of the device.
Testing of mobile security includes the following:
- Mobile Application Architecture review
- Sensitive information exposure
- Communication channel protection
- Authentication mechanism
- Session management
- Input validation
- Error and Exception Handling
- Unauthorized resources access
- Unauthorized phone resources use (GPS, Camera, SMS)
- Malicious code/Backdoors
- Denial of service
- Standard library use
- Correct application of security mechanisms
- Memory Analysis
- Protocols in Use
- Unprotected application interfaces
- A detailed report of the security vulnerabilities exposed in the penetration test (PT).
The report contains the following details:
- Executive Summary
- Classification of risk levels
- Description of potential damage from exploit
- Detailed Recommendations