Vulnerability Assessment & Penetration Testing
Mobile Security assessment encompass laptops, tablets, smartphones and a range of other devices. During testing the intention is to ensure that the supporting infrastructure is secure, that users are tightly controlled and that the device remains secure in the event of loss or theft. This testing can incorporate mobile application testing to ensure that an entire solution is secure regardless of the integrity of the host device.
The Mobile Security Assessment is a centralized resource intended to give developers and security teams the resources they need to build and maintain secure mobile applications. Our goal is to classify mobile security risks and provide developmental controls to reduce their impact or likelihood of exploitation. Our primary focus is at the application layer. We focus not only on the mobile applications deployed to end user devices, but also on the broader server-side infrastructure which the mobile apps communicate with. We focus heavily on the integration between the mobile application, remote authentication services, and cloud platform-specific features.
Recognizing the increased risk organizations and end-users face, mobile software vendors and business consumers alike are seeking assistance in evaluating the security of their mobile applications. There are dedicated environments for testing both iOS and Android applications. These dedicated environments allow us to test and analyze the application optimally, on its real environment / device. During the testing, we simulate a multitude of attacks, both general application attacks and mobile dedicated attacks. The testing simulates a real hacker and what he can do to penetrate the application and retrieve confidential data.
A major priority of the Mobile Security is to help standardize and disseminate mobile application testing methodologies. While specific techniques exist for individual platforms, a general mobile threat model can be used to assist test teams in creating a mobile security testing methodology for any platform.