Mobile Application Security Test

 
 

Mobile Application Security Test

Identify vulnerabilities and misconfigurations in mobile applications on Android and iOS

Improsec delivers an independent security test of a mobile application. Our in-depth technical test will uncover vulnerabilities in the mobile application, assess their impact and provide detailed recommendations on remediation.

Value

  • Identify vulnerabilities and misconfigurations in Android and iOS mobile applications

  • Assess if sensitive data is protected as intended in the application and that the application is implemented according to best practice

  • Recommendations to strengthen the level of security and how hardening can be applied

Product

The deliverable of the analysis is a written report containing the following:

  • A non-technical section with an Executive Summary for management and decision makers

  • A technical section including detailed observations and tangible recommendations to improve the security level and hardening of the mobile application.

Method

Our methodology is based upon our extensive experience within security testing of mobile applications and is further supported by the OWASP Mobile Security Testing Guide and NIST guidelines for security testing. The methodology is specifically made for mobile application testing and cover areas such as:

  • Architecture, design and threat modelling

  • Data Storage and Privacy

  • Cryptography

  • Authentication and Session Management

  • Network Communication

  • Code Quality and Build Settings

  • Resiliency against Reverse Engineering and Tampering

Throughout the test we make use of dynamic and static analyses to uncover weaknesses in the mobile application that could be exploited by an attacker. The test is performed as a series of manual test actions combined with in-house developed scripts, as well as industry leading tools.

Involvement

The delivery requires minimal involvement of your technical staff.


 
 

Download full description as PDF file