Mobile Application Security Testing Services
A Focus on the System as a Whole, Not Just the Application
Mobile applications bring a unique challenge to information security. A single application may consist of web services, embedded browsers and native code components. With experience testing mobile applications across industries and on different operating systems, we understand the risks specific to applications running on mobile devices and how they differ from web application environments.
How We Approach Mobile Testing
Our team combines web application security testing techniques with those specific to mobile computing environments. We base our approach on emerging industry standards, including the OWASP Top 10 and the Application Security Verification Standard (ASVS). These capture the major classes of vulnerabilities and weaknesses that might exist in systems incorporating mobile applications.
We also examine security risks and usability weaknesses that are common in a mobile computing environment, including, but not limited to:
- Application permissions model
- Encryption APIs and hardware-supported encryption capabilities
- Security of network communications and data transmissions
- Residual data analysis of local storage and caching (passwords, usernames, PII and other sensitive data)
- Application licensing
- Session hijacking
- Security of device backup mechanisms