Mobile Application Security Testing

Overview

Technology is changing at incredibly fast pace. It started with a mainframe, desktop, laptop and now mobile devices. Mobiles devices are not just a cellular phone but a full feature computer system. Number of mobile users are much higher than computer users and thus businesses started delivering services via mobile applications. These applications are similar to computer applications and hence are vulnerable to attack. Mobile application security testing is a practice of identifying vulnerabilities in mobile applications.

Why should i spend in mobile application security testing?

Mobile applications are not different from standard computer applications and most of the business have already started delivering service using mobile applications to customers. Often mobile applications are not designed in secure way and thus susceptible to various attacks which may allow attacker to steal sensitive data.

Our Methodology

Indicium uses an approach based on emerging industry standards, such as those defined by the Open Web Application Security Project (OWASP), which include the OWASP Top 10. We examines security risks and usability weaknesses that are common in a mobile computing environment, including

• Application permissions model
• Encryption APIs
• Security of network communications and data transmissions
• Residual data analysis of local storage and caching (passwords, usernames, PII, and other sensitive data)
• Ability of user to protect the device and lost device scenarios
• Insufficient authorization from mobile client to back¬end systems
• Session hijacking
• Security of device backup mechanisms