Mobile devices have become an extremely attractive platform for the development of business applications in various industries. Ease of use and mobility are just some of the advantages that such mobile applications bring when compared to standard online services. On the other hand, new attack vectors and threats against mobile devices are often overlooked.
Some mobile application threats typically do not exist on other platforms or technologies, and this makes them especially interesting for attackers. A mobile device being lost or stolen is just one such specific threat that needs to be taken into consideration when assessing mobile device security. Other well-known threats include malicious software, insecure storage of sensitive information, data leakage and similar.
Due to this new threat landscape, Griffinix offers specialized mobile application penetration test services that are customized for popular mobile platforms such as:
- iOS (Apple iPhone, iPad),
- Windows Phone.
Mobile application penetration testing includes security assessments of both the client and server sides of the tested application. Some of the tests that are conducted on the client side include the following:
- Reverse engineering the mobile application to determine how it works and its architecture,
- Analysis of protection of sensitive data at rest and in transit,
- Verification of implemented cryptographic algorithms and their correct usage and implementation,
- Analysis of authentication methods (i.e. secure storage and verification of PINs),
- Analysis of implemented authorization controls.