Mobile apps have changed the way we lead our lives and have transformed the way people work.
Security vulnerabilities in such mobile apps not only put customers at risk, but can also lead to financial loss for the company through unauthorized transactions, direct access to the database, or misuse of loyalty points or discount vouchers. Testing mobile apps for security is different from testing websites for security.
Our experienced security teams test your Android or iOS applications to find potential vulnerabilities and offer solutions to fix them. After gathering information about the application, its API calls, and the function and procedure calls within it, the review begins with a detailed scan and search into the application’s architecture. Thorough testing to find existing vulnerabilities is then followed by manual exploitation that lets us discover any weaknesses.
Besides this, we also test the server-side communication between the mobile application and the web server, looking for potential vulnerabilities that allow us to perform unauthorized actions on the mobile application, or even directly on the web application server.
What do we need from you?
* Application package (in the case of iOS, we need a UDID-signed .ipa package)
Our testing process includes:
1. Reversing of the application and performing a Class Dump, analysis of function calls, and effect on the functioning of the application if these function calls are forcefully overridden.
2. Checking ASLR functionality and Memory Injection vulnerabilities
3. Checking API calls with parameter fuzzing
4. Testing for DB and other errors which might be suppressed within the Web-Application by using RESTful monitoring tools
5. Testing for server-side attacks like SQL Injection by tampering with parameter values sent by the application
6. Testing local storage for Insecure Data Storage (i.e. storage of tokens, credentials and other sensitive application details on the phone file system)
For all your mobile app security testing needs, contact us at firstname.lastname@example.org