The rapid introduction of mobile devices in business and personal use continues to challenge companies to ensure applications are safe and secure. Increasingly sophisticated attacks and threats put your corporate data and customers at very high risk. Applications succeeding in this area for a business must accomplish the twofold goal of delight without fright.
Symosis partners with your team to understand your mobile vision to achieve your business goals. Our services focus on ensuring security threats are mitigated to protect your customers’ information and your business’s reputation in the dynamically changing mobile arena.
Security Assessment & Penetration Testing
Symosis security assessments and penetration testing identify inherent and potential vulnerabilities present in iOS and Android mobile applications that can be exploited by an adversary with malicious intent. The testing focuses on iOS and Android platform-specific threats such as jailbreaking / rooting, mobile device data storage, privacy and data protection, secure communication, input validation and buffer overflow. The documentation provides a detailed remediation plan to limit exposure and raises awareness of security risks.
The testing will cover the following broad areas
The exercise provides the following benefits:
- Identify mobile application (iOS / Android) risks
- Understand technical and business risk
- Assess security and privacy compliance requirements
- Develop remediation plan and implement security controls
- Regression testing to verify fixes
Architecture Review & Threat Modeling
Mobile iOS and Android platforms by default make certain promises about their environment. Development teams should not rely on these promises to protect critical data and code. iOS and Android app architecture review and threat modeling assess and document security risks in the context of use cases, services, roles and functions unique to your application. The threat modeling is performed in collaboration with your business, engineering, operations and corporate security teams to understand and create the system’s security objectives, threat profile, attacks, vulnerabilities and countermeasures from design to deployment. The exercise provides the following benefits:
- Identify mobile app security objectives and functionality
- Understand threats, attacks and vulnerabilities
- Design countermeasures and improve security
- Reduce cost & drive testing
iOS / Android App Security Code Review
Security code analysis examines the code as it executes in the running mobile application. The tester traces the external interfaces in the source code to the corresponding interactions in the executing code, so that any vulnerabilities or anomalies that arise in the executing interfaces are simultaneously located in the source code, where they can be fixed. When used together with automated tools and manual penetration testing, code review can significantly increase the cost effectiveness of an application security verification effort. Symosis combines automated and manual code analysis techniques in a multi-step process of familiarization, prioritization and analysis to understand the context and make a relevant risk estimate that accounts for both the likelihood of attack and the business impact of a breach. The exercise provides the following benefits:
- Identify and remediate code level vulnerabilities
- Conduct security due diligence of key applications and 3rd party software
- Meet regulatory requirements (PCI DSS 1.2, clause 6.3.7)
- Educate developers on secure coding best practices
- Enforce security as a development priority