MOBILE APPS SECURITY TESTING
Both business and public organizations today are using mobile apps in new and compelling ways, from banking applications to healthcare platforms. Managing security risk is a growing challenge on these platforms, with new vulnerabilities found every day. Is your mobile app safe from attackers?
HOW IT WORKS
Amandata XecureAPPS offers top-tier mobile app penetration testing services, providing a holistic risk assessment to your mobile application. With industry-leading researchers and security engineers in both iPhone and Android, we provide deep dive testing into local, on-device security issues, back-end web services, and the API’s which connect them.
Deep Support for both iOS and Android Platforms
With deep experience in both iOS and Android penetration testing, we understand the unique security challenges and vulnerabilities with each mobile architecture. This expertise allows us to customize assessments to specific concerns, such as reverse-engineering an iOS app or malware threats to an Android app.Each mobile security assessment simulates multiple attack vectors and risks, including insecure storage, stolen device risk, mobile malware attacks, and both authenticated/unauthenticated app users. Apps residing on in-house mobile devices? We provide custom scenarios to map enterprise conditions as well.
Static, Dynamic, and Source Code Pentesting
Integrating both static and dynamic analysis, our security experts test each mobile app at-rest and during runtime to identify all vulnerabilities. This deep-dive methodology also targets local vulnerabilities as well, such as insecure storage of credentials, Android backups including sensitive app data, etc. While our iOS/Android experts can decompile or reverse-engineering the apps themselves, more vulnerabilities can be identified through a full source code review of the application. By reviewing the app source code during the penetration test, even deeply buried vulnerabilities can be identified and mitigated.
Standard and Jailbroken Device Testing
Our mobile security assessments take multiple attack vectors and threats into account, including Jailbroken iOS and rooted Android devices. By comparing the vulnerabilities of both options, we can demonstrate the security risk from multiple user types, including dedicated attackers and everyday users.
Upon completion of the security test, a detailed report is sent to the client, including the following:
- Executive Summary: Summary of the purpose of this test, as well as as brief explanation of the threats facing the organization from a business perspective.
- Findings: A detailed, technical explanation of the findings of the tests, with steps and proofs of the findings.
- Conclusion & Recommendations: This section provides final recommendations and summary of the issues found in the security test.