Mobile devices usually hold very sensitive information like contacts details, text messages, e-mail messages, social network credentials, credit card details, documents and so on. In addition they can get lost or stolen much more easily than our laptop and, from that moment on, all their content is literally in the hand of someone else. Mobile devices are often used also as a gateway to your enterprise and this means that every threat for a mobile device could be a threat also for your enterprise and its sensitive data.
According to the OWASP Top 10 Mobile Risks the most widspread and dangerous security issues for mobile applications are:
During our consulting activities, we noted that it is true and insecure data storage is one of the most common issues that we find.
Also in this case we have a useful OWASP project, the top 10 mobile controls and design principles. This is essentially a list of controls and design principles that, if put in place, can help prevent the afore listed vulnerabilities. You need to review your code in order to understand if these controls are in place and if they are implemented correctly.
Minded Security offers several solutions to address the security of your mobile applications. As the Software Development Life Cicle is divided in phases, according to them we can perform the following activities in order to best suite your needs:
Training and Awareness: a well trained development team can save money and time creating secure applications. We believe it is important to deliver a set of trainings on Mobile Application Security with the goal to understand the objective of our consultancy and to spread awareness on the most common vulnerabilities and how to avoid them.
Secure Design: before you start coding your mobile application, we can review the design in order to understand if there are security issues. This step can be very money and time saving, specially if you are planning to share this design with several applications on different platforms.
Mobile Application Penetration Test: we can perform this step with two different approaches. With a Black Box approach we try to understand which vulnerabilities affect your application using it and testing its connection with the server side infrastructures (Penetration Test). Instead with a White Box approach we will review the code of your application both client and server side (Secure Code Review), and then perform a dynamic test (Penetration Test).
We can perform these assessment on mobile applications for all the major platforms like Apple iOS, Android, Blackberry and Windows Mobile.
If you are interested in our services or you want more information, please do not esitate to contact us at this page. Our team will be very happy to satisfy your requests.