Security Services

Mobile Application Security Assessment

The use of mobile devices and applications has a faster growth rate than any other technology today. Companies focus more effort to complete mobile application projects on time in order to satisfy the user at the right moment. As a result, many of the mobile applications tend to overlook the security aspect, creating a potential “entrance door” for attackers.

A mobile application is potentially subject to the same issues as a classic application (see Web Application Penetration Testing section), but it also introduces new security concepts we should consider:

  • A mobile device differs from a computer in:
    • protection mechanisms
    • storage size
    • memory
    • accomplishment of tasks
  • A mobile device can be stolen or lost much easier than a PC and the person who steals/finds the device could have easy access to data
  • Mobile devices usually connect to networks via wireless technologies; Wi-Fi network protection levels could determine the safety of your data

The development of a mobile application should always keep the above concepts in mind, but for several reasons, this does not always happen.

During our mobile application security assessment, our certified mobile device security analyst will assess any kind of mobile application, covering all currently used operating systems (Android, iOS, Blackberry OS, Windows Mobile) against a wide and exhaustive list of threats such as:

  • Weak server side controls
  • Insecure data storage
  • Insufficient transport layer protection
  • Client side injection
  • Improper session handling
  • And more...

What we deliver

Our final mobile application security assessment report will include the following sections:

  • Executive summary
  • Discovered and Exploited vulnerabilities summary
  • Recommendations for remediation
  • Discovered vulnerabilities
  • Exploited vulnerabilities including evidence of control (screenshot, code snippet, etc.)
  • Discovered Identities (harvested and validated)

Our Certifications

wizlynx's security consultants and penetration testers hold the most recognised certifications in cyber security and penetration testing industry such as: SANS/GIAC GPEN, GWAPT, GCIH, GMOB, OSCP, CEH, CISSP, CISA and more!