Through our direct observations in reverse engineering Android applications, it is apparent that many mobile application developers do not pay attention to good security practices while constructing their projects. Many fail to properly use cryptography to protect credentials or sensitive personally-identifiable data. Poor session management is often seen, which allows for session hijacking. Server-side web interfaces are often neglected as well, which can grant attackers an entrypoint to the company's internal network.
Positron Security excels at mobile application analysis. Two types of service are offered:
- Black-box Mobile Application Testing
- In this type of audit, we analyze your publicly-distributed mobile application by examining its behavior during regular use, as well as reverse-engineering its compiled code. We search for common mistakes with SSL/TLS, information leakage, privilege escalation, data confidentiality, data integrity, as well as deficiencies with server-side interfaces.
- White-box Mobile Application Testing
- This audit type is similar to the black-box testing above, but includes full source code analysis. This allows us to analyze the design and implementation of the application at a deeper level. One major advantage over black-box testing is that more code paths can be analyzed in the same amount of time, which results in greater coverage of the application.
All findings, along with proof-of-concept examples, references, and solutions are documented in a final report, which is suitable for both a technical and executive audience.
Please contact us for more information, or to get a quote for our services.