Mobile Application Security Assessment
Smart phones are fast replacing traditional computers. As the user base is rapidly shifting to mobiles, hackers are also shifting their attention to mobiles. Due to this trend, conducting security tests on these applications has become a necessity.
Paladion offers two types of Mobile Application Security Testing assessments to make mobile applications more resilient against attacks. Our assessment tests the application against the Mobile OWASP Top 10 as well as our Plynt Mobile Application Certification Criteria .
Based on the risk profile of the application, you may choose either one of the following two services or both –
- Mobile Application Penetration Test: This test aims at identifying the application vulnerabilities that can be exploited using installed applications on mobile phones. The assessments attempt to detect vulnerabilities and are performed by posing as a registered user as well as an anonymous user. This type of test involves building custom threat profiles in order to discover contextual security vulnerabilities that are specific to the application. The tests are conducted for the realization of the identified threats.
- Mobile Application Source Code Review: This test aims at identifying vulnerabilities at the source-code level. The assessments attempt to detect vulnerabilities that are present due to coding or design flaws and other exploitable vulnerabilities posing as a registered user. This type of test also involves building custom threat profiles. It includes the services offered in the above service category.
We have been performing Mobile Application Security Testing Assessments (for applications such as Mobile Banking applications, M-Commerce applications, Mobile Payment systems, etc.) across various platforms –
- iPad Application Security Testing
- iPhone Application Security Testing
- Blackberry Application Security Testing
- Android Application Security Testing
- Nokia Application Security Testing
- Windows Mobile Application Security Testing
How we do it?
We test mobile applications exhaustively for vulnerabilities that put your valued data at risk. We follow a threat profile-based test case derivation for your application. The threat profiles are derived from the different types of mobile applications that we have tested for the last 4 years as well as global standards like the OWASP Mobile Top 10 . We test and present the vulnerabilities with evidences. We also recommend relevant and contextual solutions for patching these vulnerabilities. Once the patching has been completed, the mobile application is retested. If the mobile application clears the Plynt Mobile Application Certification Criteria, the "Paladion Mobile Application Security Testing Certificate" is issued.
What do you get?
Paladion will provide a detailed report after the completion of the assessment. The report will highlight the weaknesses in the system along with evidences. It will also provide solutions for fixing each identified vulnerability. The report will benchmark the findings of the assessment with the OWASP Mobile Top 10 . In the case of a Plynt Certification project, the report would highlight the areas of non-compliance with the Plynt Mobile Criteria.
- Helps you to eliminate threats by raising the threshold for potential intrusions, theft and fraud.
- Provides you with the confidence that your application is secure.
- Helps you to reduce your customer's security concerns regarding your mobile application.
- Gives stakeholders the confidence that your mobile application meets the highest security standards in Mobile Security.
- Satisfies the management as well as the external auditors that you have taken the necessary initiatives to safeguard the application against mobile threats.
What do we promise?
- Your application is tested against the best of the security standards by skilled testers.
- Accurate results are provided in less time by our automated-cum-manual approach.
- On-demand service is ensured with the flexibility to schedule your tests.
- Support is guaranteed throughout your mitigation life cycle.
- You will receive a Plynt Certificate stating that your mobile application meets the Mobile Security requirements.
- Your application will comply with the global OWASP Mobile Top 10 standard.
Download brochure PDF