Mobile computing, and it corresponding applications, are spreading faster than any other consumer technology in history. Gartner predicts that mobile app projects will outnumber PC projects 4-to-1 by 2015. It’s not surprising that securing mobile apps, particularly around consumer privacy, is moving onto the front page. ASL is a highly disciplined mobile apps security expert with mature methods, a great toolbox, and experienced mobile applications testers.
On the flip side, a growing number of subsidiary organizations and departments buried deep inside larger organizations are flying under the radar scope of corporate security and developing mobile apps on their own more quickly than they should. All too often these rapid development projects are staffed with less experienced designers and developers with inadequate experience and training in secure coding practices.
Using manual methods, ASL tests for security controls in the four most essential areas: file system, memory, network communications, and GUI. The testing can be conducted on a live device or on emulator software. We’re prepared to work with you using whatever approach works best given your unique circumstances. We understand that every situation is different and so we customize our service offerings with every client as a normal course of business. This ensures that our service dovetails perfectly into your specific project no matter what the technical constraints may be. ASL can perform mobile application penetration tests of IOS, Android, Blackberry OS, and Windows phone applications.
Some of the security vulnerabilities checked for in your mobile apps include:
>> Insecure data storage
>> Weak server-side controls
>> Insufficient transport layer protection
>> Client-side injection vulnerabilities
>> Poor authentication and authorization
>> Improper session handling
>> Data flow issues
>> Side channel data leakage
>> Sensitive information disclosure