Mobile Application Security
Mobile applications present their own unique set of security challenges. Normal application behaviors, such as encryption, authorization, authentication, and storage, are all made more difficult by the fact that the user has access to the device your application runs on. Additionally, mobile applications often contain features that are mobile-specific but security-impacting, such as retrieving a device's location, accessing a device's camera, or communicating with other applications on the device. Performing these operations securely takes experience and knowledge.
This is where we can help. Our team addresses these challenges through security assessments and training. Our security assessments identify weaknesses in how an application interacts with the mobile device, the remote APIs it communicates with, how the application is written, and the libraries it uses to function. Our training teaches developers how to write secure mobile applications by demonstrating common flaws and how to avoid them, as well as secure use of mobile APIs and libraries. For a full list of what our mobile courses encompass, please visit our training page.
The primary categories of our mobile security services include:
Runtime, Memory, and Forensic Analysis (RMF)
Our team analyzes the runtime and memory of your Android or iOS application. Our approach analyzes your controls in a running application and validates their effectiveness. We ensure that contents of memory do not persist. We also analyze the mobile device file system for extraneous data leakage that may affect the application and its users.
Source Code Analysis
Our team uses a combination of static source code analysis and manual inspection to identify vulnerabilities in the mobile application source code (Objective-C, Swift, Java, etc.). We uncover security flaws and provide actionable remediation steps. We also recommend reviewing backend/API source code in conjunction with the mobile client code.
Using a combination of our RMF and Source Code Analysis services allows our team to evaluate all aspects of your mobile application as well as test risk mitigation solutions. This category offers the most precise remediation advice for your mobile applications.
Using RMF analysis along with reverse engineering techniques, our team will help your organization review any third-party mobile applications you may be looking to use or purchase. This service may require approval from the third party.
Your organization wants to provide users with an amazing mobile application, and we want to help you achieve this goal, securely. If you are interested in additional details about our mobile security training and assessments, contact our team to learn more.