Monday, April 10, 2017

Mobile app security assessments

I wrote recently about performing source code analysis for mobile apps. I'm seeing some crazy stuff that I didn't think I'd see in mobile apps (but I'm not really surprised) related to session manipulation, hard-coded cryptographic keys and the like, which underscores the importance of the exercise.
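To make the "hard-coded cryptographic keys" finding concrete, here is an added example (written for this page, not code from the original post or from any app the author assessed) of the kind of first-pass check a reviewer runs over decompiled Android sources, such as the Java that jadx emits from an APK. The sample source text below is constructed for illustration; the class, key, and API host in it are made up. The rules are deliberately simple string patterns: they flag candidate lines for a human to triage, they do not prove a vulnerability on their own.

```python
import os
import re

# Constructed sample of decompiled Android source (not from any real app).
# The key, IV and hostname are placeholders assumed for this example only.
SAMPLE_SOURCE = """\
package com.example.app;
public class CryptoUtil {
    private static final String KEY = "0123456789abcdef0123456789abcdef";
    private static final byte[] IV = new byte[]{0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10};
    SecretKeySpec spec = new SecretKeySpec(KEY.getBytes(), "AES");
    Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
    String token = prefs.getString("session_id", null);
    String api = "https://api.example.com/v1";
}
"""

# Each rule is (name, compiled pattern). A hit means "look at this line",
# not "this is exploitable"; the reviewer decides after reading the context.
RULES = [
    # A string literal that is exactly 32 or 64 hex digits looks like a raw
    # 128- or 256-bit key embedded in the binary.
    ("hardcoded-hex-key", re.compile(r'"([0-9a-fA-F]{32}|[0-9a-fA-F]{64})"')),
    # Inline byte arrays are how decompiled code typically carries a static
    # key or IV; a fixed IV is a finding on its own.
    ("hardcoded-key-bytes", re.compile(r"new\s+byte\[\]\s*\{")),
    # ECB leaks plaintext structure; worth flagging wherever it appears.
    ("ecb-mode", re.compile(r'"AES/ECB')),
    # Constructing a SecretKeySpec directly usually means the key material is
    # in the app rather than derived or fetched at runtime.
    ("secretkeyspec-usage", re.compile(r"SecretKeySpec\(")),
]


def scan_source(text, filename="<string>"):
    """Return a list of findings for one source file's text.

    Each finding is a dict with rule, file, line number and the stripped line.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, pattern in RULES:
            if pattern.search(line):
                findings.append({
                    "rule": rule,
                    "file": filename,
                    "line": lineno,
                    "text": line.strip(),
                })
    return findings


def scan_tree(root, extensions=(".java", ".kt", ".smali")):
    """Walk a directory of decompiled sources and scan every matching file."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if name.endswith(extensions):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings.extend(scan_source(fh.read(), path))
    return findings


def rules_hit(findings):
    """Set of rule names present in a findings list, for quick triage."""
    return {f["rule"] for f in findings}


if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE, "CryptoUtil.java"):
        print(f"{f['file']}:{f['line']} [{f['rule']}] {f['text']}")
```

Run it against a jadx output directory with `scan_tree("out/sources")` and expect noise: test fixtures, vendored libraries and Base64 alphabets all trip patterns like these. The value is in what the reviewer does next, which is to confirm whether the flagged key actually protects user data or a session and, if so, demonstrate the impact.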

But there's another side to mobile app security assessments - it's simply manual analysis. That is, poking around with the apps and the mobile devices using good tools and proper techniques to find and demonstrate security and forensic-related flaws that aren't uncovered in traditional user, functional, and QA testing. In recent application assessments, I've found things like:
  • login-related weaknesses
  • information mishandling
  • insecure interactions with external applications/systems
  • exploits in general functionality that put PII at risk
Odds are good that you or someone you know is rolling out a new mobile app. Or perhaps you were an early adopter and need to validate that your existing apps are reasonably secure. The question is: What are you doing to ensure things are in check? 

Like I say about a lot of things related to information security: do it yourself, allow me to help, or hire someone else - just do something.
