Rapid growth of client–server applications developed for mobile platforms is transforming the way businesses and their customers interact with one another. But as the development of these applications is typically driven by functionality, user-friendly design, and corporate branding, security is often overlooked. Even when security is considered, a mobile application is still likely to contain vulnerabilities—and every update creates the opportunity for new vulnerabilities to be introduced.
The risks to organizations are enormous as breaches have the potential to cause significant financial losses and damage to corporate reputation. Particular industries, such as financial services, are under increased pressure since mobile e-banking applications must comply with strict industry regulations.
Mobile application security tests conducted by the experts at Positive Technologies provide you with an independent assessment of the level of security of your mobile applications. Our experts have extensive experience in mobile application security and a track record of over a decade in protecting networks of leading banks, global telecommunications providers, and industrial conglomerates.
Our mobile application security tests include:
Security Analysis of Client-Side Applications—using techniques and tools of our own design as well as the methodologies of recognized international organizations such as the Web Application Security Consortium (WASC) and the Open Web Application Security Project (OWASP). This assessment includes:
- Automated examination of mobile applications
- Manual search for vulnerabilities by Positive Technologies experts
- Systematic search for attack vectors that could successfully exploit identified vulnerabilities
- Analysis to determine the probability of fraudulent transactions
Compliance Audit of Server-Side Applications—monitoring for compliance with industry security standards and industry best practices.
For both server- and client-side applications, Positive Technologies carries out both gray-box security assessments (which simulate an attack by someone with user access to the application) and white-box security assessments (which include analysis of the source code and architecture of the application). While white-box testing is more time-consuming, it usually detects many more vulnerabilities.
Results
The key deliverable from our testing is a report detailing:
- A full list of vulnerabilities found (or evidence showing their absence)
- Sample code demonstrating how identified vulnerabilities could be exploited
- Recommendations on neutralizing identified vulnerabilities and reducing exposure
- Advice on configuration and equipment settings to improve security
- Suggestions on critical software updates and additional security measures