About
If you have a mobile application which is used by a large number of staff, or is deployed to end users, attackers may be able to use it to gain access to other users’ data or exploit the backing applications.
How we can help
Pākiki can review your mobile applications on both iOS and Android. We start by looking at the APIs and any wrapped web applications for vulnerabilities in line with the OWASP Testing Methodology.
Additionally, for mobile applications, we check:
- Whether appropriate reverse engineering countermeasures are built in.
- Whether binary exploitation countermeasures are in place.
- Whether all data is stored and processed on the device in an appropriate manner which prevents unauthorised people from gaining access to it.
- How biometrics are used by the application.
- That all encryption used by the app is appropriate.
What you get
At the end of the engagement, you’ll receive a written report, detailing:
- At a high level, what key issues were identified, and what they mean to the business.
- Detailed descriptions of all issues which were identified, including reproduction steps, and how you can remediate them.
Process
All of our engagements follow a similar process:
- We start by scoping the engagement: understanding what you're looking for, discussing the technologies and platforms in use, and any key concerns that you may have. From this, we produce a Statement of Work detailing the effort required, cost, any prerequisites, and our approach to the engagement.
- Once the Statement of Work is signed, we'll work with you to schedule the work.
- Prior to the engagement starting, we'll be in touch to organise any prerequisites we require and where practical will test these prior to the engagement. This will ensure the engagement commences on time.
- The consultant will start the engagement and will provide regular updates. You will be notified of any high or critical severity issues as soon as they are found.
- At the end of testing, a report will be produced and provided.
- A close-out meeting is held to provide any additional context around the business impact of what we identified, and to provide a chance for any further questions on how to remediate what was found.
- Optional retesting can be carried out to confirm that any vulnerabilities have been successfully remediated.
Get in touch
To find out more: