Mobile application testing
In recent years the mobile market has grown non-stop and has become an alternative target for attackers.
Mobile applications running on Apple iOS or Android environments have shown a great variety of use-cases, ranging from games to mobile banking. These applications bring a unique challenge to information security, as they can combine multiple technologies in a single application. The technologies can range from web services and check scanners to custom cryptography and native code components. The risks for mobile applications differ from those for normal web applications or client/server applications, due to the sensitive nature of the alternative data stored on a mobile phone.
Portcullis works hand-in-hand with the client on each project to capture the major classes of vulnerabilities and weaknesses that might exist in mobile applications to ensure the client and the end user are secure from a successful attack.
We can test for several different end goals in a mobile computing environment, including, but not limited to:
- General Coding Errors (Buffer Overflows, etc.)
- Reversibility of the application code
- Application permissions model
- Encryption capabilities
- Data transmission issues
- Residual data analysis (How are passwords, usernames, PII, and other sensitive data stored)
- Native code execution
- Application licensing
- Insufficient authentication/authorisation from mobile client to back-end systems
- Insufficient input filtering from mobile client to back-end systems
- Session hijacking
- Privilege Escalation