The growing mobile risk
Mobile devices are an extension of your network perimeter, but unlike a server or desktop, they are far easier to lose or steal. The opportunity to gain access to sensitive personal, proprietary and financial information makes mobile phones, tablets, laptops and even smart watches prime targets for attack by malicious threat actors.
The risk of a lost, stolen or compromised device is not just about the data stored locally. Mobile devices can also provide a direct route into the heart of your organisation through VPNs and workspace browsers. If compromised, these could provide a means to reach further into a company’s internal network and databases.
Mobile Security Testing
Whatever your industry or the size of your organisation, you simply can’t afford to ignore the mobile threat and the potential financial and reputational damage caused by a serious breach. At Context we can help you to ensure that your users, sensitive data, IT systems and reputation are secure and protected by identifying weaknesses in your mobile applications and the configuration of mobile devices before they are exploited in the wild. We will also ensure that you are fully compliant with industry regulatory requirements. We will help you to:
- Protect the confidentiality of potentially very sensitive information at rest, on the device and in transit to mobile APIs.
- Secure information so it cannot be modified by unauthorised individuals.
- Ensure that authentication to and authorisation within a mobile application is handled securely to prevent unauthorised actions taking place.
- Meet industry standards such as PCI, GDPR and Cyber Essentials +.
Our comprehensive mobile security testing will identify vulnerabilities affecting the use of mobile technologies through detailed and audited processes including:
- Mobile App Penetration Testing: Manual penetration testing of iOS and Android mobile applications for phones, tablets, laptops and other mobile devices. Our methodology covers industry-standard checks such as those defined by OWASP as well as our own checks identified through years of experience. We can also perform testing of iOS applications without needing a jailbreak.
- Code review of mobile applications: This white-box approach goes in-depth into the code of the application, identifying vulnerabilities that may be hard or impossible to expose from a black-box perspective. Code reviews are often performed in parallel with manual testing of mobile applications.
- Policy reviews of enterprise mobility management (EMM) solutions: Our methodology reviews the settings enforced on devices by EMM solutions and checks that they are applied as expected. We can also help you assess any scenarios you may be concerned about. For example, can users install apps outside of the company-curated Appstore, or is it possible for a user to exfiltrate corporate data from workspace apps to non-workspace apps?
Our mobile security testing can also be run in parallel with our web application testing services. Often the web and mobile APIs are shared, and your mobile applications may be an extension of the web app. We can also ensure your MDM (Mobile Device Management) policies are secure, investigate the external infrastructure of API endpoints, perform audits of any cloud-hosted components and check that the builds of your supporting web servers and databases are secure.
Download our Mobile Application Penetration Testing flyer to read examples of how the Context team was able to identify weaknesses in our clients' mobile security.