Mobile Application Security Assessment

Our Mobile Application Security Assessment is designed for all mobile applications, including Google Android, Apple iOS, Windows Mobile, and Blackberry. Our experts examine your critical business security areas and review your applications. This thorough analysis helps your team establish policies and practices that protect sensitive data in transit and in storage and advance your mobile authentication, mobile access control, and additional protections.

OUR ASSESSMENT METHODOLOGY

CryptoGen uses an approach combining web application security assessment techniques with assessment techniques specific to mobile computing environments. CryptoGen's assessment methodology is based on emerging industry standards, such as those defined by the Open Web Application Security Project (OWASP), which include the OWASP Top 10 and Application Security Verification Standard (ASVS). These capture the major classes of vulnerabilities and weaknesses that might exist in systems incorporating mobile applications.

Additionally, CryptoGen examines security risks and usability weaknesses that are common in a mobile computing environment, including, but not limited to:

  • Application permissions model
  • Encryption APIs and hardware-supported encryption capabilities
  • Security of network communications and data transmissions
  • Residual data analysis of local storage and caching (passwords, usernames, PII, and other sensitive data)
  • Native code execution
  • Ability of the user to protect the device, and lost-device scenarios
  • Application licensing
  • Insufficient authorization from mobile client to back-end systems
  • Session hijacking
  • Security of device backup mechanisms

OUTCOME

When the assessment is complete, our clear, actionable reports include a strategic executive summary, a scorecard, and detailed findings that can serve as evidence of application security due diligence and compliance. Each finding includes a full description of the risk, including the likelihood of a successful exploit and its impact on the business. We provide detailed procedures to reproduce each finding, as well as detailed remediation guidance. Using this information, you can enhance and strengthen your mobile security posture.