Leverage Our Expertise
Key focuses for our mobile application security practice are centered around application decomposition, debugging, static and dynamic analysis of the mobile client application, memory patching and web API security models. This comprehensive approach leverages a mobile application threat model that validates authentication and authorization claims in the application as well as identifies weak mobile client design and architecture. VerSprite has authored many security exploits around various mobile platforms and leverages this same research, as well as the broader industry research around mobile exploits, to provide the most comprehensive test suite for your mobile products.
Client-Side Security Testing
Our AppSec group supports Windows, Android and iOS client environments via our core capabilities for security testing. As part of our testing methodology, our group focuses on understanding the overall trust model between the client application and the web services that it interfaces with. Looking solely at the client software that is developed, we review insecure mobile development practices that affects cryptographic key storage, implicit trust between the client software in the device, poor authorization models, and secure data storage practices, and more. We leverage both static and dynamic testing tools, some of which are proprietary to VerSprite.
Integrated Managed Services in Mobile Testing
VerSprite can integrate security testing into your development software development lifecycle process. Point in time security testing models may be too slow for many mobile product development groups, and as a result, we have successfully built a security testing practice that is highly integrated into our client workflows via managed application security testing models. Inquire with us today on how you can integrate security within your mobile application products.