As part of our extensive security assessment portfolio, we also specialize in mobile application security assessments, be it black-box reverse engineering engagements or source code review analysis.
With the wave of IT consumerization being faced by most enterprises today, CISOs no longer have the option of not allowing Smartphone’s, tablets and other mobile devices from connecting to the corporate network and accessing corporate data.
With so much organization data floating around in the palms of employees, corporate data theft is also on the rise. A loss of any such device would allow an adversary access to confidential emails and documents stored on the mobile device.
In today’s world where technology rule people’s lives and work space, attackers have also become sophisticated in their methodology. Rather than targeting an organization’s well protected email server – for which an attacker would have to bypass layers of security, including IPS, firewalls – attackers have now begun to focus on softer targets: the user endpoints – mobile, tablet, laptops.
Most corporate business which provide their employees with mobile devices, use MDM applications like Blackberry Enterprise Servers or 3rd-party device management server. Our team can conduct a security assessment of these servers to identify improper configurations or policies which are not in compliance with the organization security policy and best practices.
Although most critical security issues can be discovered by an application assessment, a source code review helps discover underlying code issues which may not be apparent in the exposed user interface. We can review source code for applications of different platforms – Blackberry OS, iOS, Android, Symbian, Windows.
Companies now-a-days introduce applications for their customers (and even employees) to ease the manner in which they interact and conduct transactions. Applications involving mobile trading, mobile banking, mobile wallet etc. need to ensure the confidentiality and integrity of their customer data the availability of their services. We can help you identify vulnerabilities in your applications and also provide recommendations on how you can ensure that an attacker does not abuse your application nor is he able to compromise your clients’ information.
If you are looking to integrate end-point mobile devices into your infrastructure, you need to ensure that they are well protected from malwares and also make sure that all such devices are in conformity with the organizations’ security policies. We can help you to identify and set up solutions which best suit your unique organization policies and network architecture. With our years of experience in information security domain, you can be assured that we review the top-of-the-line products and suggest the best option for your needs.
