Mobile Application Penetration Testing

Secure mobile applications from technical and business logic issues. Get actionable fixes.
Our Mobile Application Penetration Testing service leverages application mapping, reverse engineering and proprietary tools to
identify business logic and technical vulnerabilities in your mobile applications.

Many of the risks associated with mobile application are similar to those of web applications such as user authentication, data security,
data in transit, etc. Our core focus lies not only in identifying technical vulnerabilities but identify key issues related to application
permission and data flow.

Our in-house developed E.D.I.T.E framework takes our experienced consultants through a well-defined testing workflow that
intelligently automates repeatable tasks while facilitating auditors to efficiently carry out thorough manual testing.

Key Features and Differentiators

Multi-Platform Reverse Engineering, File Detailed Fix Information with Source Code E.D.I.T.E Intelligently Selects
System & API Monitoring Examples the Ideal Tools

Customized emulator framework facilitates
reverse engineering and low level application
analysis.
In-depth study of communication protocol,
encryption, compression, etc.
Detailed information is provided on how to fix
issues in your specific development language,
framework and platform.
Step by step instructions, POCs & examples
are given for your
applications & platforms.
Selects tools based on target frameworks,
platforms, applications and versions.
Ensures that ideal combination of
tools are intelligently selected and
run for each individual target.

Integrated Proprietary, Open-Source and Expert Led Test-Case Driven Approach Identify Design & Logic
Commercial Tools Vulnerabilities

Unique combination of tools delivers ideal
balance between security, efficiency and
cost.
Tool output is cross-referenced, correlated
and fed to manual auditors for review &
analysis
Experts create test cases specific to your
business concerns, priorities and pain areas.
Our large internal test case database is
referenced based on various identifiers.
Our expert driven mapping and test case
based approach identifies design & logic
issues in your applications.
Such issues generally have a high business
impact & cannot be found through
automated scans.
 Challenge Solution Matrix

Your Challenges Our Solutions Key Benefits

Developers cannot fix issues. Detailed recommendations with source- Quick turn-around time for fixed release.
code examples in your development
language.

We are still vulnerable after Re-testing of vulnerabilities till All issues are closed thoroughly.
several audits. closure is a complimentary part of our
service.

Our experts help your team understand

and fix issues.

We need to meet Compliance Our testing guidelines meet the Meet the requirements of compliance
mandates. requirements set by most standards.
compliance standards.

We want to prevent leakage of sensitive We help you identify and prevent sensi- Your applications are tested
customer information like credit card tive data leakage like credit card details, thoroughly for both technical and logic
details. location, owner id issues.
information etc.

How do we prevent user account hi-jack? Identify sensitive data transmission over Helps you to prevent data leakage
unencrypted channel through interception

Deliverables

Executive Presentation Detailed Technical Report Excel Fix Tracker

High level summary of issues Detailed proof of concepts Track fix status of issues
Key metrics and analysis Fix information with source code and configu- Manage timelines for fix
Impact and root cause analysis ration examples Manage responsibilities for fix
Action items for remediation Specific to your application Summary of action items

Compliance & Testing Standards

 Overview of Our Technical Process - E.D.I.T.E

1 Automated Testing Proprietary, Open-Source & Commercial Tools

a) Customized emulator framework identifies

the application frameworks, dependencies and
components.

b) File system and network anlayis analyzes and maps

application activitiy and protocols.

c) Internal intelligence engine selects ideal tools for the

target, which includes proprietary, open-source and
commercial tools.

d) Data from various tools is collected, streamlined, cross-

referenced and stored into the internal testing database.

2 Manual Testing Network Mapping and Logic Testing

a) Applications are divided into core modules and functional

areas.

b) Data flow between components is mapped along with

their logical relationships..

c) A
 pplication is reverse engineered to understand its
internal functioning

d) Expert consultants create test cases based on business

concerns, pain areas and potential abuse scenarios.

3 Integration Data Correlation and Cross-Referencing

a) Data from automated and manual testing is cross-

referenced and correlated to establish a final list of
issues.

b) Data is referenced from public & private sources to

build rich issue profiles.

c) Expert auditors analyze the data and extract any

key details that may not have been picked up
automatically.

4 Reporting Custom Developed with Detailed Fix Information

a) Experts manually document details, descriptions, proof of

concepts and references specific to your applications.

b) Source code and configuration fixes for each issue are

provided specific to your environment.

c) S tep by step POCs and fix details helps your team

understand issues.
 Process Comparison

Traditional Process Used by Most Firms In-Depth Process Used by Cyber Alpha Security

Feature Comparison

Feature Standard Premium Generic

Audit Audit Vendors

Automated Testing
Automated scanners to find technical issues P P P
Combination of in-house developed proprietary,
P P O
open-source and commercial tools
Tools are intelligently selected depending on your
P P O
target infrastructure
Manual verification of all issues No false positives P P O
Manual Testing
Mapping of business logic, data flow and workflow O P O
Reverse engineering of web application functionality O P O
Test cases specific to business priorities and pain areas O P O
Identification of design and logic vulnerabilities O P
Impact analysis through exploitation and propagation O P O
Integration O
Correlation of data from multiple tools and sources P P
Reference issues against private and exclusive vulnerability sources P P O
Reporting O
Custom developed report specific for your applications P P O
Detailed fix information for your specific platforms P P O
Source code examples for fixes in your development languages and frameworks P P O
Detailed proof of concepts with thorough explanations P P O

Amsterdam, The Netherlands Chennai, India

Veembroederhof 281 RMZ Millenia Business Park
1019HD Amsterdam Phase 2, 6th Floor
Tel: +31-20-511-2466 Tel: +91-44-6691-5315
info@cyberalphasecurity.com info@cyberalphasecurity.com