
Mobile Application Penetration Testing

Secure mobile applications from technical and business logic issues. Get actionable fixes.
Our Mobile Application Penetration Testing service leverages application mapping, reverse engineering and proprietary tools to
identify business logic and technical vulnerabilities in your mobile applications.

Many of the risks associated with mobile applications are similar to those of web applications, such as user authentication, data security
and data in transit. Our core focus lies not only in identifying technical vulnerabilities but also in identifying key issues related to
application permissions and data flow.

Our in-house developed E.D.I.T.E framework takes our experienced consultants through a well-defined testing workflow that
intelligently automates repeatable tasks while enabling auditors to carry out thorough manual testing efficiently.

Key Features and Differentiators

Multi-Platform Reverse Engineering, File System & API Monitoring
Customized emulator framework facilitates reverse engineering and low level application analysis.
In-depth study of communication protocol, encryption, compression, etc.

Detailed Fix Information with Source Code Examples
Detailed information is provided on how to fix issues in your specific development language, framework and platform.
Step by step instructions, POCs & examples are given for your applications & platforms.

E.D.I.T.E Intelligently Selects the Ideal Tools
Selects tools based on target frameworks, platforms, applications and versions.
Ensures that the ideal combination of tools is intelligently selected and run for each individual target.

Integrated Proprietary, Open-Source and Commercial Tools
Unique combination of tools delivers the ideal balance between security, efficiency and cost.
Tool output is cross-referenced, correlated and fed to manual auditors for review & analysis.

Expert Led Test-Case Driven Approach
Experts create test cases specific to your business concerns, priorities and pain areas.
Our large internal test case database is referenced based on various identifiers.

Identify Design & Logic Vulnerabilities
Our expert driven mapping and test case based approach identifies design & logic issues in your applications.
Such issues generally have a high business impact & cannot be found through automated scans.

Challenge Solution Matrix

| Your Challenges | Our Solutions | Key Benefits |
|---|---|---|
| Developers cannot fix issues. | Detailed recommendations with source-code examples in your development language. | Quick turn-around time for fixed release. |
| We are still vulnerable after several audits. | Re-testing of vulnerabilities till closure is a complimentary part of our service. Our experts help your team understand and fix issues. | All issues are closed thoroughly. |
| We need to meet Compliance mandates. | Our testing guidelines meet the requirements set by most compliance standards. | Meet the requirements of compliance standards. |
| We want to prevent leakage of sensitive customer information like credit card details. | We help you identify and prevent sensitive data leakage like credit card details, location, owner id information etc. | Your applications are tested thoroughly for both technical and logic issues. |
| How do we prevent user account hi-jack? | Identify sensitive data transmission over unencrypted channel | Helps you to prevent data leakage through interception |

Deliverables

Executive Presentation
- High level summary of issues
- Key metrics and analysis
- Impact and root cause analysis
- Action items for remediation

Detailed Technical Report
- Detailed proof of concepts
- Fix information with source code and configuration examples
- Specific to your application

Excel Fix Tracker
- Track fix status of issues
- Manage timelines for fix
- Manage responsibilities for fix
- Summary of action items

Compliance & Testing Standards


Overview of Our Technical Process - E.D.I.T.E

1. Automated Testing - Proprietary, Open-Source & Commercial Tools

a) Customized emulator framework identifies the application frameworks, dependencies and components.
b) File system and network analysis analyzes and maps application activity and protocols.
c) Internal intelligence engine selects ideal tools for the target, which includes proprietary, open-source and commercial tools.
d) Data from various tools is collected, streamlined, cross-referenced and stored into the internal testing database.

2. Manual Testing - Network Mapping and Logic Testing

a) Applications are divided into core modules and functional areas.
b) Data flow between components is mapped along with their logical relationships.
c) Application is reverse engineered to understand its internal functioning.
d) Expert consultants create test cases based on business concerns, pain areas and potential abuse scenarios.

3. Integration - Data Correlation and Cross-Referencing

a) Data from automated and manual testing is cross-referenced and correlated to establish a final list of issues.
b) Data is referenced from public & private sources to build rich issue profiles.
c) Expert auditors analyze the data and extract any key details that may not have been picked up automatically.

4. Reporting - Custom Developed with Detailed Fix Information

a) Experts manually document details, descriptions, proof of concepts and references specific to your applications.
b) Source code and configuration fixes for each issue are provided specific to your environment.
c) Step by step POCs and fix details help your team understand issues.

Process Comparison

[Figure: Traditional Process Used by Most Firms / In-Depth Process Used by Cyber Alpha Security]

Feature Comparison

| Feature | Standard Audit | Premium Audit | Generic Vendors |
|---|---|---|---|
| Automated Testing | | | |
| Automated scanners to find technical issues | ✓ | ✓ | ✓ |
| Combination of in-house developed proprietary, open-source and commercial tools | ✓ | ✓ | ✗ |
| Tools are intelligently selected depending on your target infrastructure | ✓ | ✓ | ✗ |
| Manual verification of all issues (no false positives) | ✓ | ✓ | ✗ |
| Manual Testing | | | |
| Mapping of business logic, data flow and workflow | ✗ | ✓ | ✗ |
| Reverse engineering of web application functionality | ✗ | ✓ | ✗ |
| Test cases specific to business priorities and pain areas | ✗ | ✓ | ✗ |
| Identification of design and logic vulnerabilities | ✗ | ✓ | ✗ |
| Impact analysis through exploitation and propagation | ✗ | ✓ | ✗ |
| Integration | | | |
| Correlation of data from multiple tools and sources | ✓ | ✓ | ✗ |
| Reference issues against private and exclusive vulnerability sources | ✓ | ✓ | ✗ |
| Reporting | | | |
| Custom developed report specific for your applications | ✓ | ✓ | ✗ |
| Detailed fix information for your specific platforms | ✓ | ✓ | ✗ |
| Source code examples for fixes in your development languages and frameworks | ✓ | ✓ | ✗ |
| Detailed proof of concepts with thorough explanations | ✓ | ✓ | ✗ |

Amsterdam, The Netherlands
Veembroederhof 281
1019HD Amsterdam
Tel: +31-20-511-2466
info@cyberalphasecurity.com

Chennai, India
RMZ Millenia Business Park
Phase 2, 6th Floor
Tel: +91-44-6691-5315
info@cyberalphasecurity.com