Mobile Application Security Testing
The objective of this phase is to discover as much information about the mobile application and its associated systems as possible.
Securis360 would:
- Understand the application and its internals.
- Debug the Android/iOS-based mobile application.
- Reverse the binary and obtain source code to identify any sensitive information.
- Understand the functionality of the application and discover the key areas of focus as per OWASP methodology:
  - Improper Credential Usage
  - Inadequate Supply Chain Security
  - Insecure Authentication/Authorization
  - Insufficient Input/Output Validation
  - Insecure Communication
  - Inadequate Privacy Controls
  - Insufficient Binary Protections
  - Security Misconfiguration
  - Insecure Data Storage
  - Insufficient Cryptography
- Understand the authentication and identification mechanism deployed within the application.
- Understand the data storage mechanism.
- Understand remote services.
- Understand network traffic.
Deliverables
Mobile Application Security Assessment Report with details about the observation, risk, severity, business impact and recommendation.