Mobile Application Assessment

Identify and remediate security vulnerabilities in mobile applications

    Overview

    Mobile application development has boomed with the advent of Android, iOS, and Windows mobile operating systems. With more than 1.5 billion smartphone users, there is a growing demand for smartphone applications, including apps for banking, trading, and other services that deal with personally identifiable information (PII), credit card numbers, and other sensitive data.

    A plethora of companies are rushing to capture a piece of the mobile market by developing new applications or porting old applications to work with smartphones. McAfee Foundstone's Mobile Application Assessment helps businesses secure thin or thick mobile applications. Foundstone has been a leader in assessing the security of mobile applications and is a recognized expert in the field, publishing several white papers and magazine articles on the topic, as well as building many free mobile assessment tools, including iOSKeychain Analyzer, Hacme Bank Android, and Sqlitespy.

    Key Benefits

    • Finds holes in production mobile applications, before hackers gain access, by testing applications directly from Apple’s App Store or Google Play.
    • Performs security assessments as mobile applications move from UAT into production.
    • Evaluates your risk and the potential impact on your business, and factors both into our risk calculation.
    • Leverages a proprietary and up-to-date mobile application testing process consisting of over 100 mobile-specific checks.
    • Relies on a thorough training program, comprehensive methodology, and strict quality control to ensure almost no false positives.
    • Includes knowledge transfer of testing techniques, issues, and remediation to customers.
    • Offers discounted rates for applications developed on multiple platforms with shared backend web services.

    Methodology

    Foundstone developed a detailed, methodical approach to mobile application assessment to ensure evaluations are effective, efficient, and repeatable. Our comprehensive testing environment consists of simulators/emulators and actual physical devices. Foundstone specializes in assessing applications developed for iOS, Android, Kindle Fire, Windows Mobile, and BlackBerry platforms.

    This customized methodology keeps the process consistent across our testers while still allowing them to be creative and leverage their hacking skills. Our proprietary mobile application testing process consists of over 100 mobile-specific checks. Foundstone’s service line leads are constantly involved in ongoing research to keep our vulnerability checklist current with the rapidly evolving threat landscape. Our detailed methodology spans different security categories, including:

    • Discovery
    • Configuration management
    • Authentication
    • Authorization
    • User and session management
    • Data validation
    • Error handling and exception management
    • Data protection
    • Debugging and reverse engineering