cyberalphasecurity mobile application pentest datasheet
8/11/2019 CyberAlphaSecurity Mobile Application PenTest Datasheet
Key Features and Differentiators

Multi-Platform Reverse Engineering, File System & API Monitoring
Customized emulator framework facilitates reverse engineering and low level application analysis.
In-depth study of communication protocol, encryption, compression, etc.

Detailed Fix Information with Source Code Examples
Detailed information is provided on how to fix issues in your specific development language, framework and platform.
Step by step instructions, POCs & examples are given for your applications & platforms.

E.D.I.T.E Intelligently Selects the Ideal Tools
Selects tools based on target frameworks, platforms, applications and versions.
Ensures that ideal combination of tools are intelligently selected and run for each individual target.

Integrated Proprietary, Open-Source and Commercial Tools
Unique combination of tools delivers ideal balance between security, efficiency and cost.
Tool output is cross-referenced, correlated and fed to manual auditors for review & analysis.

Expert Led Test-Case Driven Approach
Experts create test cases specific to your business concerns, priorities and pain areas.
Our large internal test case database is referenced based on various identifiers.

Identify Design & Logic Vulnerabilities
Our expert driven mapping and test case based approach identifies design & logic issues in your applications.
Such issues generally have a high business impact & cannot be found through automated scans.

Mobile Application Penetration Testing
Secure mobile applications from technical and business logic issues. Get actionable fixes.

Our Mobile Application Penetration Testing service leverages application mapping, reverse engineering and proprietary tools to identify business logic and technical vulnerabilities in your mobile applications.

Many of the risks associated with mobile application are similar to those of web applications such as user authentication, data security, data in transit, etc. Our core focus lies not only in identifying technical vulnerabilities but identify key issues related to application permission and data flow.

Our in-house developed E.D.I.T.E framework takes our experienced consultants through a well-defined testing workflow that intelligently automates repeatable tasks while facilitating auditors to efficiently carry out thorough manual testing.

Challenge Solution Matrix

Your Challenges
Developers cannot fix issues.
We are still vulnerable after several audits.
We need to meet Compliance mandates.
We want to prevent leakage of sensitive customer information like credit card details.
How do we prevent user account hi-jack?

Our Solutions
Detailed recommendations with source-code examples in your development language.
Re-testing of vulnerabilities till closure is a complimentary part of our service.
Our experts help your team understand and fix issues.
Our testing guidelines meet the requirements set by most compliance standards.
We help you identify and prevent sensitive data leakage like credit card details, location, owner id information etc.
Identify sensitive data transmission over unencrypted channel

Key Benefits
Quick turn-around time for fixed release.
All issues are closed thoroughly.
Meet the requirements of compliance standards.
Your applications are tested thoroughly for both technical and logic issues.
Helps you to prevent data leakage through interception

Deliverables
Executive Presentation, Excel Fix Tracker, Detailed Technical Report
High level summary of issues
Key metrics and analysis
Impact and root cause analysis
Action items for remediation
Detailed proof of concepts
Fix information with source code and configuration examples
Specific to your application
Track fix status of issues
Manage timelines for fix
Manage responsibilities for fix
Summary of action items

Compliance & Testing Standards
Overview of Our Technical Process - E.D.I.T.E

1 Automated Testing - Proprietary, Open-Source & Commercial Tools
a) Customized emulator framework identifies the application frameworks, dependencies and components.
b) File system and network analysis analyzes and maps application activity and protocols.
c) Internal intelligence engine selects ideal tools for the target, which includes proprietary, open-source and commercial tools.
d) Data from various tools is collected, streamlined, cross-referenced and stored into the internal testing database.

2 Manual Testing - Network Mapping and Logic Testing
a) Applications are divided into core modules and functional areas.
b) Data flow between components is mapped along with their logical relationships.
c) Application is reverse engineered to understand its internal functioning.
d) Expert consultants create test cases based on business concerns, pain areas and potential abuse scenarios.

3 Integration - Data Correlation and Cross-Referencing
a) Data from automated and manual testing is cross-referenced and correlated to establish a final list of issues.
b) Data is referenced from public & private sources to build rich issue profiles.
c) Expert auditors analyze the data and extract any key details that may not have been picked up automatically.

4 Reporting - Custom Developed with Detailed Fix Information
a) Experts manually document details, descriptions, proof of concepts and references specific to your applications.
b) Source code and configuration fixes for each issue are provided specific to your environment.
c) Step by step POCs and fix details help your team understand issues.