Mobile Assessment
Applications provide an excellent way for businesses to provide value to their customers, and an excellent attack vector to compromise your data.
Assessing Mobile Apps
Popularity of mobile devices has created an excellent new way for companies to offer value to their consumers through the use of mobile applications. While often the main focus during the development cycle is user experience, proper security is rarely ever implemented. As seen previously, this will result in customer data loss, and in some cases provide a way into the main corporate network through improper configuration of backend services. Depending on the application being assessed, Our security experts first composes a compliance checklist followed by a full run time binary analysis as well as a thorough code review, resulting in a comprehensive report identifying the vulnerabilities found, along with a detailed risk assessment for each. Our expertise as a world-class application developer puts us in an excellent position, years ahead of our competition.
Common Issues
- Hard coded credentials
Developers blindly trust many of the OS services such as Apple's keychain and use these to store sensitive information, Or they fail to account for decompilers which can allow an attacker to view hard coded information. These hard coded credentials can then be used to access sensitive information in other parts of the back end system. - No encryption
Back-end communication is rarely ever encrypted, and even when it is, it is not implemented correctly, allowing anyone on the network to view sensitive information. - Improper authentication
In most cases, developers do not implement proper authentication mechanisms and assume a simple GUI based authentication procedure can not be bypassed.