Reverse engineering and code analysis
API controls (e.g., modules, classes, Mock objects, UI, backend systems, permissions)
User interface testing (i.e., input fields, session management, authentication, role-based access)
Cryptographic protocol and keying material management (e.g., HTTP, Email, SIP credentials, PKI certificates)
The primary objective of a mobile application security assessment is to determine whether the implementation and supporting components provide adequate security controls to protect against attacks that aim to gain unauthorized access to sensitive data or application resources (i.e., databases, operating system). Malicious attacks can occur because mobile applications often rely on insecure methods to track users, pass data, validate data, perform database queries and maintain sessions.
As your organization invests in maintaining competitiveness and facilitating customer access to services through the deployment of mobile applications, you are also required to protect the confidentiality and integrity of customer data. Evaluating the security of your mobile application has many dimensions, including application layer controls, back-end supporting infrastructure controls, network layer controls and device security controls.
White Paper: Security Considerations for Mobilizing Enterprise Applications