Komodo’s Mobile Security testing methodology is based on years of experience testing complex applications and systems in market leading companies.
The methodology includes both manual and automatic testing, including fuzzing and code-reviews, by using Komodo’s unique tools.
The Mobile Application Security Testing is conducted in two approaches – (White Box) Static testing of the source code and application testing (penetration) of the system in a testing environment simulating the real production environment of the applications.
Testing of mobile security includes the following:
* Mobile Application Architecture review
* Sensitive information exposure
* Communication’s channel protection
* Authentication mechanism
* Session management
* Input validation
* Error and Exception Handling
* Unauthorized resources access
* Unauthorized phone resources use (GPS, Camera, SMS)
* Malicious code/Backdoors
* Denial of service
* Standard library use
* Correctly application of security mechanisms
* Memory Analysis
* Protocols in Use
* Unprotected application interfaces
* Relevant OWASP top-10
The results of a penetration test are detailed in a comprehensive report that clearly explain where your vulnerabilities are, what the risk to your business is, who may be able to exploit these vulnerability and how to best secure your application.
Our reports are aimed to both non-technical senior executives, focusing on potential risks and probability, as well as to the application developers giving an in-depth explanation regarding the way mitigate risks.
In order enable more effective discussion, and better understanding of software weaknesses detailed in our reports, we care to co correlate each vulnerability to a valid MITRE CWE ID.