Over the last few years, smartphones and tablets have become commonplace in both, consumer and enterprise markets. Keeping information secure on mobile devices is crucial for companies and end users, be it corporate or personal.
Mobile applications often use sensitive data (payment cards information, personal data, etc.) that might be compromised as a result of a hacker attack or a lost/stolen mobile device. Companies often wish to verify the effectiveness of existing security measures and to evaluate the risk of successful exploits. One of the consistent methods of doing that is to perform an end-to-end penetration test.
A penetration test of a mobile application aims to bypass its security mechanisms and gain unauthorized access. The process includes several steps, such as reverse-engineering security controls and application logic, dynamic analysis, inspection of application traffic and locally stored data, examination of the server-side components, and so on. During the testing process, security engineers look at the application from an attacker’s viewpoint and try to devise and launch their own attacks.
DataArt has deep technical skills and extensive experience in mobile application security, testing applications on all device types and platforms, from iOS, to Android and Windows Phone. DataArt penetration testing services cover all classes of mobile application vulnerabilities, including but not limited to:
- Authentication and session management defects
- Use of insecure services and protocols
- Application logic defects
- Insecure local data storage
- Caching and temporary files
- Information leakage
- Privacy issues
- Unmanaged code and memory access
- Weak cryptography