https://entersoft.co.in Entersoft Information Systems Pvt Ltd

Entersoft MAPT

DESCRIPTION

Mobile application penetration testing and mobile application security assessment have moved from the “can be done” stage to the “must be done” stage. Mobile applications are everywhere: Android apps, iPhone apps, BB apps and more. Many of these mobile applications deal with personally identifiable information (PII), credit card data and other sensitive data. When you launch a mobile application, it's your responsibility to make sure your application is safe and secure.

Page 1: Entersoft MAPT

https://entersoft.co.in

Entersoft Information Systems Pvt Ltd

Page 2: Entersoft MAPT

is one of the offensive mobile security audits

is a complex of activities aimed at estimating the current security posture of your app by directly attacking your app

is != unreal attack activities

is != vulnerability assessment

Page 3: Entersoft MAPT

Almost equal to a real-time attack. Real-time assessment of your app helps in:

•  Estimating the security posture of an app

•  Identifying the hacker’s primary attack vector

•  Proactively mitigating security risks

•  Meeting compliance requirements and protecting users’ privacy

Page 4: Entersoft MAPT

Creating test environment

Application setup

Reverse Engineering

Mobile OWASP top 10 identification

Payment gateway testing

Reporting

Page 5: Entersoft MAPT

•  We believe creating the test environment is the most crucial part of our mobile application penetration testing. Our state-of-the-art lab has many simulators and real devices to test your application. All we need is your APK.

•  For Android, we use various pads, and we will test your mobile application on most Android OS versions.

•  For iOS apps, we use iPhones, iPads and simulators.

•  We will test how resilient your application is to reverse engineering. This helps in testing the strength of your code and the encryption standards you are using.

Page 6: Entersoft MAPT

Mobile OWASP Top 10 vulnerabilities identification

We will identify the following vulnerabilities at the client level:

•  M1: Insecure Data Storage

•  M2: Weak Server Side Controls

•  M3: Insufficient Transport Layer Protection

•  M4: Client Side Injection

•  M5: Poor Authorization and Authentication

•  M6: Improper Session Handling

•  M7: Security Decisions Via Untrusted Inputs

•  M8: Side Channel Data Leakage

•  M9: Broken Cryptography

•  M10: Sensitive Information Disclosure

We will also identify server-level vulnerabilities while we test the mobile application.

Page 7: Entersoft MAPT

Payment gateway testing

•  If your mobile application has any payment options, we will see how resilient your application's payment methods are.

Reporting

•  We provide the most comprehensive reports, which can be understood in both managerial and technical contexts.

Page 8: Entersoft MAPT

Reports not to have any false positives

•  Entersoft promises that its Mobile Application Penetration Testing services will provide deliverables or output [PDF/HTML formatted report] that contain absolutely no false positives.

•  Entersoft’s methodology is likely to identify many vulnerabilities that generally cannot be identified with traditional penetration testing methods. We use offensive security methodologies. We are advanced in our tests.

No service disruption

•  Entersoft’s Advanced MAPT methodology makes sure your usual operations are not affected during our penetration testing. We do a lot of study before performing a penetration test.

Entersoft’s offensive security experts have entered the hall of fame of the following major technology giants by continuously submitting vulnerabilities using our advanced techniques.

•  Nokia Maps [XSS]

•  Dropbox [Stored XSS]

•  Uninor [Sensitive information disclosure]

•  BlackBerry [XSS]

•  Apptentive [XSS]

Page 9: Entersoft MAPT

https://entersoft.co.in

[email protected]

Ph: +91-40 65810005

https://entersoft.co.in/contact