Pentesting with VerSprite

Mobile App Pentesting, Source Code Review, & Threat Modeling

VerSprite’s team of experts focus on mobile application decomposition, debugging, static and dynamic analysis of the mobile client application, memory patching, and web API security models. Our objective is to enumerate actions as a malicious actor using grey box and white box pentesting methods to test mobile client applications (iOS and Android) to establish vulnerabilities, design weaknesses, and technology implementation flaws that could lead to data vulnerabilities or credential compromise.

In addition, our mobile application pentesting methods determine if there are integrity issues within the application itself and/or of the accounts integrated by the application user. Grey and white box testing methods are used to run authenticated tests and static analysis on obtain environment configurations that are exposed or identified through the mobile application testing.

VerSprite’s comprehensive mobile app pentesting approach leverages a risk-based threat model that validates authentication and authorization claims in the mobile app as well as identifies weak mobile client design and architecture. VerSprite has authored many mobile application security exploits around various platforms and we leverage this same research, as well as the broader industry research around mobile exploits, to provide the most comprehensive mobile security test suite for your organization’s mobile products.

Are Your Mobile Applications Being Deployed With a Trove of Vulnerabilities?

Fat Client Software Pentesting

Beyond our passion that fuels our desire to emulate cyber related attacks, we also leverage and are proficient with reputable frameworks around pentesting. VerSprite supports and interfaces with global organizations that seek to improve this misapplied and misunderstood practice that is penetration testing. The following are global standards that VerSprite supports as part of its AppSec services: The Penetration Testing Standard (PTES), OWASP’s Application Security Verification Standard, and NIST’s Standard Publication around Security Testing.

ERP Pentesting / SAP Security Testing

VerSprite knowledge about the different SAP Layers and how they make up the netweaver framework allows the team to perform a thorough review of the SAP landscape, application servers and clients. Additionally, our recommendations on security best practices for SAP segregation of duties will help you improve your SAP [P]rofiles as well as avoid common pitfalls due to security misconceptions.

VerSprite includes in the scope all the different layers and components within the SAP ecosystem: SAP Network and Web layer as well as lower layers that go from the DB and OS platform where the ERP is running to the different proprietary SAP protocols such as DIAG. The SAP Router and Web Dispatcher are main components within this scope but VerSprite will also help finding security issues also on the Management Console, SAP GW and RFC Dispatcher, SAP ICM and the SAP J2EE HTTP.

Embedded Component Exploit Testing

With this type of approach, VerSprite attempts to simulate an attack by a threat that would have little to no insight into the environment or application architecture.