Mobile apps have a growing impact on the corporate world through the development of custom business applications. Mobile app audits are necessary to ensure the confidentiality of sensitive information that is handled by both internal and business applications.
Due to the nature of the handled information and the resources that are accessed, third-party business mobile app security audits are required for all applicable platforms: iOS, Android, Windows Phone and BlackBerry.
When planning a mobile app security audit, you should identify what resources are being handled by the mobile application, what type of information the mobile devices store, and what information is being transmitted. Depending on the application's security requirements and criticality, different security analysis techniques may apply to each mobile application, including mobile app analysis, mobile app data transmission security analysis, and endpoint security analysis.
- Application unpacking according to its format (APK, IPA, ALX, JAD, XAP)
- Detection of protectors and code obfuscators.
- Source code audit and analysis.
- Analysis of information stored in the mobile app.
- Analysis of the platform storage mechanisms.
- App data access protection mechanisms.
- External content load or execution.
- Existing authentication mechanisms.
- Transport layer and encryption mechanisms (HTTP, HTTPS, SSL, TLS, ...).
- Digital certificate verification (certificate pinning).
- Identification of the resources employed to establish connection.
- Analysis of the system the mobile application connects to (web service, ...).
- Analysis of the OWASP-based security controls.
- Testing of the authentication and authorization mechanisms.
- Testing for server identity theft.
- Interception of login credentials or exchanged information.

Learn more about how our mobile app audit services can help you protect the security of your corporate online apps and services.