Mobile App Security Testing
Mobile Application Test
Today, mobile phones with Internet access have become a new channel of communication and promotion for companies. The number of so-called “apps”, or mobile applications, is growing exponentially, and having an application for immediate communication between the company and the client has become a new form of mandatory interaction. But what security risks do these “apps” involve?
Why?
When a company designs this type of application, it thinks about functionality, marketing value, the proximity it generates with its clients, the e-commerce opportunities it provides, and so on. But it should also bear in mind what can happen if users suffer some kind of incident on their devices through the application. Mobile devices contain valuable information that must be protected, such as the contact list, calendar, documents, access codes and other personal data. In addition, the company must protect the assets available to the user. By deploying these applications, the company provides code that is installed on a client's device and permits access to data that a third party could manipulate for improper use.
How?
Through various security analysis techniques, it is possible to evaluate the app's security in order to ensure both the security of its users and communication with other security assets of the companies that support them.
These techniques include:
- Static analysis
- Dynamic analysis
- Source code review
- Database check
- Using a proxy to analyze communications
- Analysis of file management, memory and network
- Study of the data storage protection structure
- Snapshot and keylogger control
- Application decompilation
In some cases, the methods used are exclusive to one type of application or to the specific needs of our client, but generally a customized combination is deployed to obtain a complete and relevant analysis of the mobile application.
We always work closely with our clients providing information at all times about our actions and discoveries. For us, working closely with our clients is the best way to understand and help them.
Benefits
Mobile app security testing services are tailor-made projects for our clients. Thus, our work begins and ends where the client requires, either with:
- Reporting results
- Results presentation meetings or workshops
- Executive reporting
- Training sessions aimed at understanding the deficiencies found
- Remediation period support
- Validation of remediation
This activity permits control of the security of apps, those islands outside the company's infrastructure. Apps are installed on the client side, and a security error in them can compromise the security of the company as well as that of the user, so the risk of damage to the company's image is significant.
“The security of our IT environment is a concern for us; it is difficult for us to have an overall view of our various hotels and their related facilities. Working with A2SECURE we have that view, and we know how to improve day by day.”
Occidental Hotels Deputy Technical Director of Systems and Communications
“A telecommunications operator for professionals like Neosky cannot only offer the best connections. Giving added value to our services is a necessity and for our clients’ perimeter security we trust in A2SECURE.”
NeoSky Senior Product Manager
“Like all companies, every day we are more dependent on the Internet. Having someone externally valuing our security and helping us to improve is very important for us and that is precisely what A2SECURE offers.”
UNIPOST Organization and Systems Director
“For eDreams, as low-cost flights leader, security is a key issue. That is why we work with A2SECURE.”
eDreams ODIGEO CTO
“A2SECURE has made the work of auditing our network much easier. A2 team takes care of this nightmare.”
Azucarera Ebro IT Systems Director
“We evaluated other partners who could support us in improving our security and we have finally chosen A2SECURE, because it combines the best solution with a very personal and direct support.”
Atrapalo IT Director
What makes us different?
A2SECURE has a highly qualified team to carry out Ethical Hacking/Pentesting activities, supported by various international certifications. But our trademark is our vocation to make our clients understand our results.
A pentesting activity is really useful when the client is able to understand what has been found, the risks it implies and how it was possible to get there. The latter is the key point: knowing how a successful attack was possible, and understanding whether it is necessary to implement additional control and change an internal process that is causing breaches. In short, taking advantage of the exercise by transforming it into improvements for the company.