// MOBILE
APPLICATION SECURITY
ASSESSMENT //
With the rise in the number of smartphone users and application downloads daily, users and organisations are facing new threats that are mobile application related. This is especially true since mobile applications are becoming just as complex as their web application counterparts.
However, the mobile application might not be following the same security practices as the web application. These insecure applications can expose sensitive data or become the entry point for an attacker to conduct more advanced attacks such as planting a ransomeware into the internal network. It is crucial for an organisation to perform a mobile application testing before deploying their applications to ensure the safe use of the user and also the organisation.
Benefits of performing a Mobile Application Security Assessment:
-
Identify current mobile application vulnerabilities.
-
Mitigate the risk of the vulnerabilities being exploited.
-
Reduce application downtime.
-
A better overall understanding of the current cybersecurity posture.
How we perform a Mobile Application Security Assessment:
-
We leverage the OWASP Mobile Security Testing Guide (MSTG) as the foundation of our mobile application testing methodology.
-
Various tools such as BurpSuite and Needle are also used to supplement the testing to ensure that a complete and thorough assessment is done.
-
Both authenticated and non-authenticated testing can be performed, depending on the customer requirement.
-
Testing can be done during business hours or after business hours, depending on the risk appetite of the customer.
-
Revalidation on issues found is done to ensure that the mitigating steps taken are working.