Mobile Apps (iOS / Android) Security
The rapid introduction of mobile devices in business and personal use continues to challenge companies to ensure applications are safe and secure. Increasingly sophisticated attacks and threats put your corporate data and customers at very high risk. Applications succeeding in this area for a business must accomplish the twofold goal of delight without fright.
Our services focus on ensuring security threats are mitigated to protect your customers’ information and your business’s reputation in the dynamically changing mobile arena.
Architecture Review and Threat Modeling
Mobile platforms by default make certain promises about their environment. Development teams should not rely on these promises to protect critical data and code. The architecture review and threat modeling process includes assessing and documenting security risks in the context of use cases, services, roles and functions unique to your application. The threat modeling is performed in collaboration with your business, engineering, operations and corporate security teams to understand and create the system’s security objectives, threat profile, attacks, vulnerabilities and countermeasures from design to deployment.
- Identify security objectives, functionality and context
- Understand threats, attacks and vulnerabilities
- Design countermeasures
- Improve security
- Reduce cost & drive testing
Security Assessment and Penetration Testing
Security assessment and penetration testing focuses on residual vulnerabilities present in the mobile (iOS / Android) application that can potentially be exploited by an external or internal adversary with malicious intent.
The testing focuses on mobile-platform-specific threats like jailbreaking / rooting, unlocking, patch management, privacy, data protection, secure communication, input validation and buffer overflow. The documentation raises awareness of the risks and provides a detailed remediation plan to limit exposure.
- Identify mobile application (iOS / Android) risks
- Understand technical and business context
- Assess security and privacy compliance requirements
- Develop remediation plan and work with your development team to fix issues
- Verify security controls and remediation
Security Code Review
Security code analysis examines the code as it executes in the running mobile application: the tester traces the external interfaces in the source code to the corresponding interactions in the executing code, so that any vulnerabilities or anomalies that arise in the executing interfaces are simultaneously located in the source code, where they can be fixed. When used together with automated tools and manual penetration testing, code review can significantly increase the cost-effectiveness of an application security verification effort.
Automated and manual code analysis techniques are combined in a multi-step process of familiarization, prioritization and analysis to understand the context and make a relevant risk estimate that accounts for both the likelihood of attack and the business impact of a breach.
- White box review helps manage assurance
- Identify and remediate code level vulnerabilities
- Conduct security due diligence of key applications and 3rd party software
- Meet regulatory requirements (PCI DSS 1.2, clause 6.3.7)
- Educate developers on secure coding best practices
- Enforce security as a development priority