
Use Our Offense to Inform Your Defense
Mobile application security assessments help an organization gain a clear understanding of the risks facing its information assets where they are made accessible via mobile applications, as well as the risks to data entrusted to the organization through customers' use of applications. Similarly, mobile device and infrastructure assessments highlight issues raised by the decentralization of organization controls (over data, network access, and malware prevention) inherent in mobile device roll-outs. Mobile device assessments consider the risks to organization assets posed by lost, stolen, or compromised mobile devices.
Whether a high-level overview or a thorough, in-depth review is desired, DISD works with your staff to produce prioritized findings, recommendations, and remediation or mitigation steps to fit your organization's profile.
DISD performs mobile application security assessments according to a well-developed and refined methodology, in order to provide thorough, accurate, and reproducible results covering the application's local footprint, network communications, and interactions with backend services. Testing initially focuses on the application configuration and local storage, to identify sensitive data disclosure, client-side protection bypasses, and insecure storage practices. Consultants then focus on identifying, intercepting, examining, and manipulating network communications – uncovering potential issues with encryption implementations, certificate checking routines, and tamperable requests and responses. Reviewing the application-level protocols and interaction with backend services concentrates on areas such as input validation, session state management, and privilege escalation.
Areas of testing focus in a mobile application security assessment include, but are not limited to:
Mobile device and infrastructure testing requires a different approach – considering the risks to organizational assets stored on, and accessed by, a wide variety of mobile devices built on different platforms, with varying management capabilities and security controls.
Areas of testing focus in a mobile device and infrastructure security assessment include, but are not limited to:
DISD works with our customers to identify the goals of security assessments prior to testing, and is available to assist in remediation efforts upon request.
Contact Us to Learn More, or Receive A Quote.