Mobile App Security Assessment

With our “Mobile App Testing Expert Service”, we quickly and comprehensively analyze mobile APPs and identify the risks listed in the OWASP Mobile Top 10. We support clients in hardening their mobile APPs to effectively improve their security quality. By fixing mobile APP weaknesses accurately, you can reduce the cost developers incur in patching the APPs.
The Threats to Mobile APPs:
1. The APPs are delivered to users, so they are easy to reverse engineer and crack;
2. Mobile APPs are still new, and security awareness in mobile APP development is not yet widespread;
3. Connection sources are trusted by default. If they are abused by malicious users, they can break through layers of defense and directly reach the internal servers.

Benefits
Mobile App Security Assessment is conducted by our experts with hacker skills. We assess the security of mobile Apps and the back-end servers with dynamic and static analysis. Our experts tailor the hardening recommendations to the analysis results to enhance the security of your mobile Apps.
OWASP Mobile Top 10 Risks Statically & Dynamically Analyzed
M1 – Improper Platform Usage
M2 – Insecure Data Storage
M3 – Insecure Communication
M4 – Insecure Authentication
M5 – Insufficient Cryptography
M6 – Insecure Authorization
M7 – Client Code Quality
M8 – Code Tampering
M9 – Reverse Engineering
M10 – Extraneous Functionality

● Static Analysis
Using tools, our security engineers check whether configuration files exist in the installation directory and whether program execution records are stored in plain text. They also check whether the App uses a protection mechanism to keep its executable files from being analyzed by hackers.

● Dynamic Analysis – App Packet Capturing
Our security engineers will set up a proxy or packet capturing environment for the mobile Apps connecting to the backend server at runtime. The security engineers will operate the App to issue requests to the backend server and record the traffic in the middle. The traffic recorded will help the automated server scanning in the next phase and subsequent manual dynamic testing.

● Automated Server Scanning
In this phase, the back-end server is scanned automatically with scanning tools to quickly find its vulnerabilities.

● Dynamic Analysis – App Behavioral Monitoring & Testing
In this stage, the security engineers will try to discover possible logical vulnerabilities, information leakages, encryption defects and authentication vulnerabilities in the mobile App.

● App Folder Content Inspection
After the above phases, our security engineers compare the folder contents before and after the tests are executed. They can detect what sensitive data is stored in the folder during operation, and then analyze whether sensitive data or configuration can be leaked or tampered with.

● Expert Testing & Assessment Reporting
At the final phase, our security engineers will conduct a comprehensive analysis of all the above findings. We will verify exploitability when there is a possibility that the found vulnerabilities may be combined as an attack.
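
The before-and-after comparison described under “App Folder Content Inspection” can be sketched as follows. This is an added example, not the service's own tooling: it assumes the App's data folder has been copied to a local directory, and the function names and the sensitive-data patterns are hypothetical.

```python
import hashlib
import re
from pathlib import Path

# Illustrative patterns only (assumption); tune them to the data the App handles.
SENSITIVE = {
    "password": re.compile(rb"pass(word|wd)\s*[=:]", re.I),
    "bearer_token": re.compile(rb"bearer\s+[A-Za-z0-9._-]{16,}", re.I),
    "private_key": re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}

def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its content."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def diff_snapshots(before, after):
    """Return sorted lists of files added, modified and removed between snapshots."""
    added = sorted(after.keys() - before.keys())
    removed = sorted(before.keys() - after.keys())
    modified = sorted(f for f in before.keys() & after.keys() if before[f] != after[f])
    return added, modified, removed

def flag_sensitive(root, paths):
    """Return {path: [pattern names]} for changed files that match a pattern."""
    findings = {}
    for rel in paths:
        data = (Path(root) / rel).read_bytes()
        hits = [name for name, rx in SENSITIVE.items() if rx.search(data)]
        if hits:
            findings[rel] = hits
    return findings

def inspect_folder(root, before):
    """Diff the folder against an earlier snapshot and scan what changed."""
    added, modified, removed = diff_snapshots(before, snapshot(root))
    return {"added": added, "modified": modified, "removed": removed,
            "sensitive": flag_sensitive(root, added + modified)}
```

Take `snapshot()` before the test session starts and pass its result to `inspect_folder()` once the session is over; only files that were added or changed are scanned.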

Advantages

● Professional and comprehensive security testing services
We conduct security testing for mobile APP vendors. By strengthening the security level of mobile APPs, we can effectively reduce the security risks for the government, enterprises and individuals.

● Professional APP testing service conducted by expert security team
Mobile APPs are closely related to daily life. When developers lack security awareness, the APPs may introduce vulnerabilities that can lead to private data leakage or property loss. Recently, there have been frequent security incidents, especially with finance-related APPs. We need to pay attention to the security of the money transaction process to avoid becoming victims.

● We have long invested in building security inspection technologies. By establishing a professional security team, we provide the most comprehensive software and hardware security assessment services. Our mobile APP security testing laboratory provides professional and comprehensive security testing services with self-developed technologies including vulnerability assessment, source code analysis, penetration testing, digital forensics, cybersecurity health check, ICT security testing, WAF, IDS/IPS, etc. Thus, we can further support our clients in enhancing mobile APP security.

contact us: hello(@)onceamonth.com.my
