Your users trust your organization, but can they trust your mobile applications?
Put your mobile applications to the test to determine their effectiveness at keeping your users, their data, and your own infrastructure secure.
Whether you provide Security Illusion access to your app's source code, pre-compiled beta apps, or want us to download the application as-is from the Google Play / App Store, we poke and prod every aspect of the mobile application to identify vulnerabilities that may harm your users or your app's security bottom-line.
Using both manual and automated techniques, we test the security practices you've implemented in the mobile application itself as well as the traffic it sends and receives to your destination servers.
But why stop there?
Depending on the scope and purpose of your mobile app, Security Illusion typically recommends performing penetration testing services on the app's destination servers, as we find that the servers that accommodate the mobile apps are often overlooked and insecurely configured.
Some common issues we identify with Mobile Apps:
Unencrypted or Hardcoded user/application credentials stored in data files, rather than in a Secure Enclave, like the iOS Keychain.
Session Hijacking of another user's authenticated session
Static & Hardcoded Data Encryption/Decryption keys that are non-unique to the user, easily-guessable, or stored in weakly-protected app data files.
Lack of HTTPS (or HTTPS, but with insecure protocols) with network traffic containing sensitive user data or credentials.
Insecure Authentication (The app never asks the user to log back in, or doesn't require TouchID/Additional Verification that the current session is valid)
Lack or Improper use of Certificate Pinning, thereby allowing all network traffic to be intercepted when on an untrusted wireless network.
Curious if your Mobile Apps are protecting your users and your organization Let Security Illusion put it to the test.