Mobile Application Audit
Ensure the confidentiality of the information managed by internal and commercial applications by a mobile application audit
Ensure the confidentiality of the information managed by internal and commercial applications by a mobile application audit

Mobile apps have a growing impact on the corporate word through the development of custom business applications. Mobile app audits are necessary to ensure the confidentiality of sensitive information that is handled by both internal and business applications

Due to the nature of the handled information and the resources that are accessed, third party business mobile app security audits are required for all applicable platforms: IOS, Android , Windows Phone and Blackberry.

At the time of planning a mobile app security audit, you should identify what resources are being handled by the mobile application, what type of information the mobile devices store, and what information is being transmitted. Depending on the application security requirements and criticality, different security analysis techniques may apply to each mobile application, including: mobile app audit -Mobile app analysis, mobile app data transmission security, and Endpoint security analysis.

  • Application unpacking according to its format (APK, IPA, ALX, JAD, XAP)
  • Detection of protectors and code jammers.
  • Source code audit and analysis.
  • Analysis of information stored in the mobile app.
  • Analysis of the platform storage mechanisms.
  • App data access protection mechanisms.
  • External content load or execution.

  • Existing authentication mechanisms
  • Transport layer and encryption mechanisms (HTTP, HTTPS, SSL, TLS,..)
  • Digital certificate verification (certificate pinning)
  • Identification of the resources employed to establish connection.

  • Analysis of the system the mobile application connects to (Webservice,..)
  • Analysis of the OWASP-based security controls.
  • Testing of the authentication and authorization mechanisms.
  • Testing of the server identity theft.
  • Interception of login credentials or exchanged information.
  • Learn more about how our mobile app audit services can help you protect the security of your corporate online apps and services.

OTHER SERVICES

CVSS-based Security Audit

OWASP Web Security Audit

Wireless Audit – OWISAM Wi-Fi Security Audit

Hardening

Bug Bounty – Tarlogic Managed Vulnerability Rewards

Ethical Hacking – Specialized Security Solutions

Advanced Persistent Threat (APT) Penetration

Tarlogic Red Team

Online Fraud Monitoring and Piracy Analysis Services

Hardware Hacking and Reverse Engineering Services.

Security Audit, IT Security and Ethical Hacking Services

Wi-Fi Device and Rogue AP Analysis

Interested in any of our services?