Mobile Application Security Services

Mobile applications introduce new threats and attack paths that carry significant risk for the enterprise.

Summary:

The majority of mobile applications do not have the security controls needed to adequately protect the data they handle.

The biggest risks posed by mobile applications are data loss through an exploited weakness (the threat classes of spoofing, tampering, repudiation, denial of service and elevation of privilege) and data loss from devices being lost or stolen.

Mobile devices also move data seamlessly between trusted and untrusted networks. A device may be lost or stolen, or an attacker on the same network can sniff traffic and hijack a session. Either gives an unauthorized person access to stored data and credentials: the attacker then holds the same privileges as the device's owner and can masquerade as the application's user, which in some cases exposes the entire enterprise to legal and financial risk.

Service Overview:

Good security decisions depend on a thorough understanding of your application’s overall security posture. We examine the security areas that are critical to your business.

Our reviews begin with an interactive, collaborative session with your development and technical staff. During this session we build an understanding of the current system architecture, assess the business processes it supports, and identify general strengths and weaknesses in the security architecture. We also capture the business drivers and needs, mandates, regulations and compliance requirements that apply. We assess the design and architecture of current and pending network security plans: redundancy, segmentation, access, and management tools. The subsequent in-depth review covers items such as:

  • Insecure Data Storage
  • Weak Server Side Controls
  • Insufficient Transport Layer Protection
  • Client Side Injection
  • Poor Authorization and Authentication
  • Improper Session Handling, Cookies, Tokens
  • Security Decisions Via Untrusted Inputs
  • Side Channel Data Leakage: identify data leakage points (such as cloud services, syncing, SD cards, and the device file system)
  • Broken Cryptography
  • Sensitive Information Disclosure
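As an added illustration of the "Insecure Data Storage" and "Side Channel Data Leakage" items above (this is example code, not tooling from the service provider or from any product), the following Python triage check flags the storage findings a reviewer looks for first on an Android device: files in the application's data directory that are readable or writable by other users, data written to external storage, and secrets kept in clear text in shared preferences. The `ls -l` listing and the `session.xml` preferences file are constructed sample input; the package name `com.example.app`, the key-name pattern and the external-storage prefixes are assumptions for the example.

```python
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample: what `adb shell ls -l` might show for an app's private
# data directory and external storage. Not captured from a real device.
SAMPLE_LS = """\
-rw-rw-rw- 1 u0_a123 u0_a123     412 2024-01-01 10:00 /data/data/com.example.app/shared_prefs/session.xml
-rw------- 1 u0_a123 u0_a123    2048 2024-01-01 10:00 /data/data/com.example.app/databases/app.db
-rw-rw---- 1 u0_a123 sdcard_rw   4096 2024-01-01 10:00 /sdcard/Android/data/com.example.app/files/export.csv
-rw-r--r-- 1 u0_a123 u0_a123     128 2024-01-01 10:00 /data/data/com.example.app/files/cache.bin
"""

# Constructed sample shared_prefs file, keyed by its path on the device.
SAMPLE_PREFS = {
    "/data/data/com.example.app/shared_prefs/session.xml": """\
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="username">alice</string>
    <string name="password">hunter2</string>
    <string name="auth_token">eyJhbGciOiJIUzI1NiJ9.e30.abc</string>
    <boolean name="dark_mode" value="true" />
</map>
"""
}

# Assumed heuristics: key names that usually hold secrets, and path prefixes
# that land on external storage (readable by any app with storage permission).
SECRET_KEY_RE = re.compile(r"(pass(word)?|pwd|token|secret|api[_-]?key|session)", re.I)
EXTERNAL_PREFIXES = ("/sdcard/", "/storage/", "/mnt/")

# mode, link count, owner, group, size, date, time, path
LS_RE = re.compile(r"^([-dl][rwx-]{9})\s+\d+\s+(\S+)\s+(\S+)\s+\d+\s+\S+\s+\S+\s+(.+)$")


@dataclass(frozen=True)
class Finding:
    path: str
    issue: str
    detail: str


def parse_ls(listing):
    """Return (mode, path) pairs from an `ls -l` style listing."""
    entries = []
    for line in listing.splitlines():
        m = LS_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(4)))
    return entries


def check_permissions(listing):
    """Flag files other users can reach and files placed on external storage."""
    findings = []
    for mode, path in parse_ls(listing):
        other = mode[7:10]  # the "other" rwx triplet
        if "r" in other or "w" in other:
            findings.append(Finding(path, "world-accessible", f"mode {mode}"))
        if path.startswith(EXTERNAL_PREFIXES):
            findings.append(Finding(path, "external-storage",
                                    "readable by any app with storage permission"))
    return findings


def check_shared_prefs(prefs):
    """Flag preference keys whose names suggest a secret stored in clear text."""
    findings = []
    for path, xml_text in prefs.items():
        root = ET.fromstring(xml_text)
        for el in root:
            name = el.get("name", "")
            if SECRET_KEY_RE.search(name):
                findings.append(Finding(path, "plaintext-secret",
                                        f"key {name!r} stored in clear"))
    return findings


def review_storage(listing, prefs):
    """Combine both checks into one list of triage findings."""
    return check_permissions(listing) + check_shared_prefs(prefs)


if __name__ == "__main__":
    for f in review_storage(SAMPLE_LS, SAMPLE_PREFS):
        print(f"{f.issue:18} {f.path}  ({f.detail})")
```

Running it over the constructed sample reports the world-readable `session.xml` and `cache.bin`, the CSV on external storage, and the `password` and `auth_token` keys kept in clear text; `app.db` (mode 0600, private directory) is not reported. These are triage signals for the manual review that follows, not verdicts: on current Android releases the private data directory itself is not traversable by other apps, so a world-readable file inside it matters mainly on rooted devices and through backups, whereas clear-text secrets in preferences are exposed by every one of those paths.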

Our recommendations will highlight areas that need to be strengthened with prioritized recommendations based on risk level. Your team will be armed with an action plan with which to move forward.

Duration:

Typically 3-5 days, with 80% of the time on site and the balance spent summarizing the findings.

Fees:  Contact Us