The mobile security audit offers end-to-end services, including application mapping and reverse engineering, to identify technical vulnerabilities in your mobile applications.

  • Review mobile app security requirements
  • Identify risks in newly built mobile apps
  • Eliminate security vulnerabilities
  • Uncover gaps in existing security defenses

During testing, we follow the OWASP Mobile Security Project, focusing mainly on the Top Ten Mobile Controls:

  • Identify and protect sensitive data on the mobile device.
  • Handle password credentials securely on the device.
  • Ensure sensitive data is protected in transit.
  • Implement user authentication, authorization and session management correctly.
  • Keep the backend APIs (services) and the platform (server) secure.
  • Secure data integration with third party services and applications.
  • Pay specific attention to the collection and storage of consent for the collection and use of the user’s data.
  • Implement controls to prevent unauthorized access to paid-for resources (wallet, SMS, phone calls, etc.).
  • Ensure secure distribution/provisioning of mobile applications.
  • Carefully check any runtime interpretation of code for errors.

The Mobile App Security Audit consists of:

A practical verification of the mobile application's security according to the Top Ten Mobile Controls. It mainly involves:

  • Fuzz testing of all user inputs to check that all input parameters are correctly validated
  • Business logic testing
  • Analysis of whether encryption and digital signing are used by the application
  • Check whether secure storage is used
  • If SSL client certificates are not used, analysis of the password policy in use