Mobile Application

Mobile security audit focuses not only in the security testing and defensive use cases, the goal of the project is to become a complete homologation for Android APKs, which includes:

Static analysis (SAST): It will perform a full decompilation of the APK and extract all the possible information of it. It reports the different vulnerabilities and findings in the source code grouped by different categories. Also, it has full support on finding triage (change status and criticality).

Malware analysis: Identifies dangerous permissions and suspicious code.

Best practices of secure coding: Tells developers in which parts of the code they are coding securely and where they are not.

Mobile app security assessment involves both dynamic and static mobile security testing methods. The testing follows OWASP Top 10 mobile framework. Our mobile security assessment also supports all the commonly used mobile platforms including Android, iOS, Windows, and Blackberry. It is an in-depth mobile app assessment that includes unique behavioral analysis as well as privacy checks.

Mobile app pentesting is a simulated attack that is designed to uncover any security weaknesses in your business’ iOS or Android apps. Mobile app pentests consist of a security assessment of both the application on the mobile device itself, and an assessment of the back-end web services (API) that supports the application.

Documentation and reporting are important details that we provide in the report. We include both executive summary and technical details to meet the needs of both leadership and app developers. Specifically, this detailed penetration testing reporting is broken down as...

• Summary risk and app strengths/weaknesses risk-prioritized vulnerabilities and description of vulnerable code sections (when source code review is integrated)
• Attack walkthrough (including screenshots)
• Remediation and defensive recommendations

OWASP, OSSTMM, CVSS, CWE ...