Secure mobile applications from technical and business logic issues. Get actionable fixes.
Our Mobile Application Penetration Testing service leverages application mapping, reverse engineering and proprietary tools to
identify business logic and technical vulnerabilities in your mobile applications.
Many of the risks associated with mobile applications are similar to those of web applications, such as user authentication, data security,
data in transit, etc. Our core focus lies not only in identifying technical vulnerabilities but also in identifying key issues related to application
permissions and data flow.
Our in-house developed E.D.I.T.E framework takes our experienced consultants through a well-defined testing workflow that
intelligently automates repeatable tasks while helping auditors efficiently carry out thorough manual testing.
Multi-Platform Reverse Engineering, File System & API Monitoring
Customized emulator framework facilitates reverse engineering and low level application analysis.
In-depth study of communication protocol, encryption, compression, etc.

Detailed Fix Information with Source Code Examples
Detailed information is provided on how to fix issues in your specific development language, framework and platform.
Step by step instructions, POCs & examples are given for your applications & platforms.

E.D.I.T.E Intelligently Selects the Ideal Tools
Selects tools based on target frameworks, platforms, applications and versions.
Ensures that ideal combination of tools are intelligently selected and run for each individual target.

Integrated Proprietary, Open-Source and Commercial Tools
Unique combination of tools delivers ideal balance between security, efficiency and cost.
Tool output is cross-referenced, correlated and fed to manual auditors for review & analysis.

Expert Led Test-Case Driven Approach
Experts create test cases specific to your business concerns, priorities and pain areas.
Our large internal test case database is referenced based on various identifiers.

Identify Design & Logic Vulnerabilities
Our expert driven mapping and test case based approach identifies design & logic issues in your applications.
Such issues generally have a high business impact & cannot be found through automated scans.
Challenge Solution Matrix
Developers cannot fix issues. | Detailed recommendations with source-code examples in your development language. | Quick turn-around time for fixed release.
We are still vulnerable after several audits. | Re-testing of vulnerabilities till closure is a complimentary part of our service. | All issues are closed thoroughly.
We need to meet Compliance mandates. | Our testing guidelines meet the requirements set by most compliance standards. | Meet the requirements of compliance standards.
We want to prevent leakage of sensitive customer information like credit card details. | We help you identify and prevent sensitive data leakage like credit card details, location, owner id information etc. | Your applications are tested thoroughly for both technical and logic issues.
How do we prevent user account hi-jack? | Identify sensitive data transmission over unencrypted channel | Helps you to prevent data leakage through interception
Deliverables

High level summary of issues
Key metrics and analysis
Impact and root cause analysis
Action items for remediation

Detailed proof of concepts
Fix information with source code and configuration examples
Specific to your application

Track fix status of issues
Manage timelines for fix
Manage responsibilities for fix
Summary of action items
c) Application is reverse engineered to understand its internal functioning
Feature Comparison
Traditional Process Used by Most Firms / In-Depth Process Used by Cyber Alpha Security

Automated Testing
Automated scanners to find technical issues P P P
Combination of in-house developed proprietary, open-source and commercial tools P P O
Tools are intelligently selected depending on your target infrastructure P P O
Manual verification of all issues, no false positives P P O

Manual Testing
Mapping of business logic, data flow and workflow O P O
Reverse engineering of web application functionality O P O
Test cases specific to business priorities and pain areas O P O
Identification of design and logic vulnerabilities O P O
Impact analysis through exploitation and propagation O P O

Integration
Correlation of data from multiple tools and sources P P O
Reference issues against private and exclusive vulnerability sources P P O

Reporting
Custom developed report specific for your applications P P O
Detailed fix information for your specific platforms P P O
Source code examples for fixes in your development languages and frameworks P P O
Detailed proof of concepts with thorough explanations P P O