Mobile

Vulnerability Assessment & Penetration Testing



Mobile Security assessment encompass laptops, tablets, smartphones and a range of other devices. During testing the intention is to ensure that the supporting infrastructure is secure, that users are tightly controlled and that the device remains secure in the event of loss or theft. This testing can incorporate mobile application testing to ensure that an entire solution is secure regardless of the integrity of the host device.

The Mobile Security Assessment is a centralized resource intended to give developers and security teams the resources they need to build and maintain secure mobile applications. Our goal is to classify mobile security risks and provide developmental controls to reduce their impact or likelihood of exploitation. Our primary focus is at the application layer. We focus not only on the mobile applications deployed to end user devices, but also on the broader server-side infrastructure which the mobile apps communicate with. We focus heavily on the integration between the mobile application, remote authentication services, and cloud platform-specific features.



Recognizing the increased risk organizations and end-users face, mobile software vendors and business consumers alike are seeking assistance in evaluating the security of their mobile applications. There are dedicated environments for testing both iOS and Android applications. These dedicated environments allow us to test and analyze the application optimally, on its real environment / device. During the testing, we simulate a multitude of attacks, both general application attacks and mobile dedicated attacks. The testing simulates a real hacker and what he can do to penetrate the application and retrieve confidential data.

A major priority of the Mobile Security is to help standardize and disseminate mobile application testing methodologies. While specific techniques exist for individual platforms, a general mobile threat model can be used to assist test teams in creating a mobile security testing methodology for any platform.


This mobile application security testing is broken up into three sections:
  • Information Gathering - Describes the steps and things to consider when you are in the early stage reconnaissance and mapping phases of testing as well as determining the application’s magnitude of effort and scoping.
  • Static Analysis – Analysing raw mobile source code decompiled or disassembled code.
  • Dynamic Analysis – Executing an application either on the device itself or within a simulator/emulator and interacting with the remote services with which the application communicates. This includes assessing the application’s local inter-process communication surface, forensic analysis of the local file system, and assessing remote service dependencies.

Our Branches

Kuwait

Phone: +965 22417158 / 22250008
Fax: +965 22417156

Dubai

Phone: +971 042781090 / 042781091
Fax: +965 22417156

Newsletter

Subscribe