iViZ Launches The Most Comprehensive Mobile Application Security Testing as a Service

We are excited to announce the launch of mobile application security testing. iViZ shall provide the most comprehensive mobile application security testing by combining static application Penetration Testing, dynamic application security testing and manual validation. The solution aims to provide zero false positives and business logic testing covering most of the WASC v2 threat classes. Due to the increased sophistication of mobile platforms and the proliferation of mobile applications, an organization’s mobile infrastructure represents yet another attack surface on an enterprise network. iViZ distinguishes itself in this space through its active research in mobile application security and a unique approach of threat surface analysis.

The Key Highlights of our solution are:

  • Combination of SAST and DAST
  • Zero False Positive Guarantee
  • Business Logic Testing
  • Top 10 OWASP Mobile Application Threats

Static Application Security Testing

SAST involves testing various aspects of the client application, whether it is deployed on the device as a native application or accessed through the browser as an HTML/HTML5 application.

Dynamic Application Security Testing

DAST involves discovery of the remote end-points with which the target Android/iOS application communicates over the network. Usually the protocol used for such communication is HTTP-based Web Services (REST/SOAP).

Zero False Positive Guarantee

We ensure false positive removal by combining an automated approach with manual validation.

Business Logic Testing

We detect business logic flaws through a hybrid approach that combines automated testing with manual validation.

Top 10 OWASP Mobile Application Threats

We cover all the Top 10 OWASP Mobile Application Threats.

How does our solution work?

iViZ’s mobile application test follows the high-level phases of the penetration testing process. The test involves 2 primary components:

  • Client Side Testing
  • Server Side Testing

Client Side Testing

iViZ begins the assessment by evaluating data protection controls on the client device. In particular, we examine where and how the application manages sensitive information, whether the application is properly utilizing native APIs for features like key stores, and whether dangerous client artifacts such as user credentials, personal information, and/or any other sensitive application data are unintentionally or insecurely stored on the phone. As part of this analysis, consultants will also examine memory to ensure sensitive data is properly erased by the application. For open mobile platforms such as Android, mobile applications are also decompiled to maximize understanding and testing coverage. For closed platforms such as iOS, source code is often requested to accompany the engagement or binaries can be reversed at runtime.

Server Side Testing

The discovery methodology involves configuring the system to use a custom HTTP-based proxy server such as OWASP ZAP or Burp Suite. The target application is then used as per its expected functionality. The network activity generated by the application is recorded by the external proxy, and the server end-point interfaces are enumerated by analyzing that recording. If the server end-point uses HTTP-based Web Services for communication, then most of the threat classes described in WASC TC v2 will be applicable for the scope of the test.
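The enumeration step described above, as an added example that is not iViZ's tooling: it assumes the proxy's recording was exported in HAR format, and the sample entries, hostnames and the `enumerate_endpoints` helper are constructed for illustration.

```python
import json
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: a minimal HAR log as a recording proxy might export it.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"method": "POST", "url": "https://api.example.test/v1/login",
                 "headers": [{"name": "Content-Type", "value": "application/json"}]}},
    {"request": {"method": "GET", "headers": [],
                 "url": "https://api.example.test/v1/accounts/1042/statements?month=3"}},
    {"request": {"method": "GET", "headers": [],
                 "url": "https://api.example.test/v1/accounts/77/statements?month=4&fmt=pdf"}},
    {"request": {"method": "POST", "url": "http://legacy.example.test/ws/Transfer",
                 "headers": [{"name": "SOAPAction", "value": "\"urn:Transfer\""}]}},
]}})

ID_SEGMENT = re.compile(r"^(\d+|[0-9a-fA-F-]{32,36})$")  # numeric ids and UUID-like values

def template(path):
    """Collapse identifier-like path segments so /accounts/1042 and /accounts/77 merge."""
    return "/".join("{id}" if ID_SEGMENT.match(s) else s for s in path.split("/"))

def enumerate_endpoints(har_text):
    """Return {(method, host, path_template): {"params", "cleartext", "kind"}}."""
    endpoints = defaultdict(lambda: {"params": set(), "cleartext": False, "kind": "REST/other"})
    for entry in json.loads(har_text)["log"]["entries"]:
        req = entry["request"]
        url = urlsplit(req["url"])
        info = endpoints[(req["method"].upper(), url.netloc, template(url.path))]
        # Every query parameter name seen on this end-point is an input to test.
        info["params"].update(name for name, _ in parse_qsl(url.query, keep_blank_values=True))
        info["cleartext"] |= url.scheme == "http"  # traffic not protected by TLS
        headers = {h["name"].lower(): h["value"] for h in req.get("headers", [])}
        if "soapaction" in headers or "soap" in headers.get("content-type", ""):
            info["kind"] = "SOAP"
    return dict(endpoints)

if __name__ == "__main__":
    for (method, host, path), info in sorted(enumerate_endpoints(SAMPLE_HAR).items()):
        flag = " [cleartext HTTP]" if info["cleartext"] else ""
        print(f"{method:5} {host}{path} ({info['kind']}) params={sorted(info['params'])}{flag}")
```

The resulting end-point inventory, with its parameter names and transport flags, is what defines the server-side scope for the threat classes mentioned above.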

Upon completion of the assessment iViZ shall provide a single PDF report. The report will provide an analysis of the current state of the assessed security controls.

A few screenshots from our sample report:

Figure: Screen shot of test details and summary of results

Figure: Screen shot of detailed description of vulnerabilities based on severity with recommendations

2 comments

  1. My brother recommended I may like this website. He used to be entirely right. This post truly made my day. You can’t consider just how a lot time I had spent for this information! Thanks!

  2. Security testing is one of the most important parts of any app, and it always seems that due to security matters many apps fail.
