Cyber Security Services

PwnQuest-Mobile Application Assessment

A mobile device, for better or worse, now serves as a gateway into the personal lives of most people. As an organization, you and your development team go to great lengths to render your vision into a viable business model on the mobile platform and work hard to secure your position in the marketplace. However, one small oversight can lead to an obscure backdoor into the ecosystem of your application, allowing attackers to tear into the fabric of your application, and undo the gains that you have worked hard for over the years.

With our cross-functional security experts at PwnQuest working by your side, you can rest assured that we will look into every aspect of your mobile application security and your business environment at large, and communicate to you clearly and effectively the vulnerabilities that we have uncovered and the mechanisms to strengthen your security posture.

Our security audits will ensure that you follow the latest and greatest security guidelines and configuration practices issued by mobile platforms (iOS, Android, Windows) to reduce improper platform usage risks that could lead to security issues. Our experts will provide you the guidance to apply the correct platform security controls and ensure there is no incorrect use of the iOS Keychain or Android Intents.
A common vulnerability for mobile applications is related to insecure data storage. It is a common misunderstanding that sensitive data such as usernames, passwords, encryption keys, and tokens is inaccessible. However, there is a range of tools available that allow attackers to sniff data available in system log files and SD cards. Our assessment checks for any critical data being stored in a place where another app or an individual can get access to it, and issues best practices for ensuring that critical data does not persist in memory and that sensitive data like encryption keys is not kept in RAM longer than required.
The vulnerabilities related to insecure communications carry a higher Common Vulnerability Scoring System (CVSS) score, and our experts look at them closely to offer guidance on applying SSL/TLS effectively to secure the transmission of critical data, and on leveraging app-layer encryption to protect user data.
Another vulnerability in mobile applications that can be exploited by attackers is related to insecure authentication and authorization. Our reviews require OAuth token mechanisms and encryption to guard all API calls. We also recommend applying out-of-band authentication measures in an application to prevent unauthorized access and preempt issues related to privilege escalation. Our assessment reviews also ensure that you run integrity checks at runtime to confirm that your application code has not been tampered with and that your apps are not executed on rooted/jailbroken devices. Another aspect that we highlight in our security assessment is for you to increase code complexity and use obfuscation measures to prevent any attempts by sophisticated attackers to reverse engineer the binary of your application and determine its source code.

PwnQuest's detailed checklists cover the OWASP Top 10 mobile risks and ensure that any issues related to data flow, data storage, data leakage, authentication, code quality, and server-side controls have been resolved before your app gets published. Our experts provide detailed documentation of identified vulnerabilities, walk you through them, and recommend best practices and guidance to reduce your mobile attack surface and mitigate risks to your business.