Mobile App Security Audit
The mobile security audit offers end-to-end services, including application mapping and reverse engineering, to identify technical vulnerabilities in your mobile applications.
- Review mobile app security requirements
- Identify risks in newly built mobile apps
- Eliminate security vulnerabilities
- Uncover gaps in existing security defenses
During testing, we follow the OWASP Mobile Security Project, focusing mainly on the Top Ten Mobile Controls:
- Identify and protect sensitive data on the mobile device.
- Handle password credentials securely on the device.
- Ensure sensitive data is protected in transit.
- Implement user authentication, authorization and session management correctly.
- Keep the backend APIs (services) and the platform (server) secure.
- Secure data integration with third party services and applications.
- Pay specific attention to the collection and storage of consent for the collection and use of the user’s data.
- Implement controls to prevent unauthorized access to paid-for resources (wallet, SMS, phone calls, etc.).
- Ensure secure distribution/provisioning of mobile applications.
- Carefully check any runtime interpretation of code for errors.
The Mobile App Security Audit consists of a practical verification of the mobile application's security according to the Top Ten Mobile Controls. It mainly involves:
- Fuzz testing of all user inputs to check that all input parameters are correctly validated
- Business logic testing
- Analysis of whether encryption and digital signing are used by the application
- A check of whether secure storage is used
- If SSL client certificates are not used, analysis of the password policy in use