Client-Side Security Testing
Our AppSec group supports Windows, Android and iOS client environments via our core capabilities for security testing. As part of our testing methodology, our group focuses on understanding the overall trust model between the client application and the web services that it interfaces with. Looking solely at the client software that is developed, we review insecure mobile development practices that affects cryptographic key storage, implicit trust between the client software in the device, poor authorization models, and secure data storage practices, and more. We leverage both static and dynamic testing tools, some of which are proprietary to VerSprite.