What we do

We assess the security of the app’s functionality and how it interacts with both the mobile device and the remote web services it relies on to retrieve information.

With our deep knowledge and understanding of iOS and Android native mobile app security, we look for security issues associated with data privacy, communications between the app and the web servers, and any vulnerabilities in the actual web services that could lead to unauthorised access to sensitive information.

We test for the most common vulnerabilities found in mobile apps, in line with OWASP’s Mobile risks:

  • Sensitive data leaks
  • Hard-coded passwords/keys
  • Client-side injection
  • Lack of binary detection
  • Insecure transmission of data
  • Insecure data storage
  • Poor authentication and authorisation
  • Improper session handling
