Mobile App Security Testing


Today’s internet traffic is moving from desktop browsers to mobile browsers, because of the increased usage of mobile apps. Unfortunately, mobile applications are not safe, in fact they introduce serious cyber security problems for the "data in transit" and the "data at rest".

Features

The Mobile Application Penetration Testing service entails a detailed on-device and off-deviec testing of the data.

Mobile App Security Testing Features

Before Testing Starts

  • On device code exploitation
  • Off device code injection
  • Called Web Service Exploits
  • Authentication problems
  • Configuration problems
  • SQLite Database related problems

Standards Followed

  • OWASP Mobile Top 10 - 2014

Vulnerabilities Detected

  • Check for Weak Server Side Controls
  • Insecure Data Storage
  • Insufficient Transport Layer Protection
  • Checks for Poor Authorization and Authentication
  • Client Side Injection
  • Security Decisions Via Untrusted Inputs
  • Improper Session Handling
  • Lack of Binary Protections

Test Approaches

  • Rooting Android Device
  • Jailbreaking iOS Device
  • Without Rooting/Jailbreaking

Process

We follow a systematic and yet agile approach to test website security. This helps our customers gain an extremly accurate and elaborate results along with a knowledge base and years of experience on the subject matter.

Mobile App Security Penetration Testing Process

Before Testing Starts

  • Sign NDA
  • Freeze on scope
  • Study Mobile App Architecture
  • Study Mobile App Functionality
  • Decide attack vectors and prioritize
  • Allocate single point of contact
During Testing

  • Black box testing (Without device rooting, jailbreaking)
  • Gray box testing (With device rooting, jailbreaking)
  • Automatic and Manual Testing
  • Testing using OWASP-Mobile-Top-10 Standard
  • Scanning
  • Configuration Check
  • Manifest/Binary Config check
  • Gathering Logs
Testing Details

  • Analysis of data in transit between mobile app stack
  • Analysis of data in transit between app and caller web services
  • Capture and analysis of data at rest on the mobile device
  • Perform Android and iOS specific checks and log capture
  • Map security scenario attack vectors to ensure accuracy
  • Perform analysis on app code modules
  • Manifest/Binary Config check
After Testing

  • Analyse logs
  • Confirm results
  • Apply Knowledge
  • Apply Experience
  • Repeat Test if required
Testing Outcome

  • Detailed technical report
  • Executive summary
  • High level fixation solutions
  • Certificate of testing completion (optional)


Benefits

Mobile App Security testing is a continuous improvement process which is beneficial to the app development firm as well as the app user.

Mobile App Security Benefits

  • Protect application data from hackers
  • Protect application data from other ill-behaving apps
  • Protect application data if the device is stolen
  • Prevent monetory loss
  • Prevent reputational loss
  • Induce confidence in customer
  • Increased ROI for IT investments

Copyright © 2018 Aspire Tech, All rights reserved.