Komodo’s Mobile Security testing methodology is based on years of experience testing complex applications and systems in market leading companies.
The methodology includes both manual and automatic testing, including fuzzing and code-reviews, by using Komodo’s unique tools.
The Mobile Application Security Testing is conducted in two approaches – (White Box) Static testing of the source code and application testing (penetration) of the system in a testing environment simulating the real production environment of the applications.
Testing of mobile security includes the following:
* Mobile Application Architecture review
* Sensitive information exposure
* Communication’s channel protection
* Authentication mechanism
* Session management
* Input validation
* Error and Exception Handling
* Unauthorized resources access
* Unauthorized phone resources use (GPS, Camera, SMS)
* Malicious code/Backdoors
* Denial of service
* Standard library use
* Correctly application of security mechanisms
* Memory Analysis
* Protocols in Use
* Unprotected application interfaces
* Relevant OWASP top-10