Mobile Application Testing

Overview

Penteor Mobile Application Security Assessment is a holistic and prioritized approach to testing mobile applications which reduces your overall risks and associated remediation costs. Our assessment looks at the security and compliance risks of the entire mobile application, its associated internal or Internet systems and the interactions between them. This broad-based contextual approach is the only way to adequately prioritize overall risks to the organization.

As contributors to the OWASP Mobile Security Project, Penteor is thoroughly versed in the emerging standards for mobile application security. Penteor Mobile Application Security Assessment is designed to test the security of the application. Our methodology is based on recognized standards for good practice. We attempt to determine the extent to which your mobile application is vulnerable to potential attacks against the platform, application, network communication, and any internal systems to which it connects. Our intent is to identify the largest areas of risk to your organization through this mobile application and the system that supports it.

Penteor’s Mobile Application Security Assessment methodology is specifically geared to mobile platforms and applications. Each engagement is based on standard, repeatable processes, but is scoped and planned individually. The testing typically combines both automated and manual testing for known vulnerabilities and undiscovered exposures. Specific techniques will vary based on mobile platform, purpose of the application(s), coding practices and quality of the application(s), and the unique deployment environment.

Risks

Common security risks

Weak server-side controls
Insecure data storage
Insufficient transport layer protection
Poor authorization and authentication
Broken cryptography
Client-side injection
Security decisions via untrusted inputs
Improper session handling
API vulnerabilities

Mobile Security Best Practices Review

During this phase Penteor will examine the objectives to be met by the application as well as test directly through the user interface. These two points of view often lead to the fastest and highest quality results. By reviewing the developer’s approach to accomplishing the application objectives, risk decisions can be evaluated. This step also allows for validation that the implementation matches the desired design. Testing will focus exclusively on application security and security-related issues, rather than usability.

The consultant will install the mobile application on the desired hardware platform and/or in an emulator and commence testing. This level of testing seeks to perform a static analysis of the application as it sits on a device to discover if any coding or logic vulnerabilities exist within the application which may lead to inappropriate access, either by an ordinary user during the course of routine application use or by a malicious attacker.
