The objective of this phase is to discover as much information about the mobile application and its associated systems as possible.

ACTIVITIES

Understanding application and its internals

Debugging the Android / iOS based mobile application

Reverse the binary, obtain source code to identifying any sensitive information

Understand the functionality of the application and discover the key areas of focus as per OWASP methodology:

Improper Credential Usage, Inadequate Supply Chain Security, Insecure Authentication/Authorization, Insufficient Input/Output Validation, Insecure Communication, Inadequate Privacy Controls, Insufficient Binary Protections, Security Misconfiguration, Insecure Data Storage, Insufficient Cryptography.

Pluse Background Img

MANUAL TESTING

Perform manual assessment of in-scope applications

Assess the applications basis on the key areas to focus as per OWASP methodology

Injection, Broken Authentication and Session Management, Cross Site Scripting (“XSS”), Insecure direct object references, Security misconfiguration, Sensitive data exposure, Missing function level access control, Cross Site Request Forgery (“CSRF”), Using components with known vulnerabilities, Invalidated redirects and forwards and, Testing application business logic

Center Background Img

DELIVERABLES

Mobile Application Security Assessment Report with details about the observation, risk, severity, business impact and recommendation

Pluse Background Img