Mobile Application Penetration Test Training 7 PowerPoint PPT Presentation

presentation player overlay
About This Presentation
Transcript and Presenter's Notes

Title: Mobile Application Penetration Test Training 7


1
ABOUT US
  • SECURIUM FOX offers cyber security consultancy
    services with its expert and experienced team. We
    are providing consulting services to prevent
    cyber attacks, data leak and to ensure that our
    customers are ready and safe against cyber
    attacks, with more than 15 years of
    experience.In addition to pentests and
    consulting services, SECURIUM FOX prepares its
    customers and field enthusiasts for real life
    scenarios by providing trainings in the lab
    environment which was prepared by themselves,
    with its young, dynamic and constantly following
    team.Everytime that hackers are in our lives,
    there are always risks that we can face with a
    cyber attack. Over the years cyber security has
    become a critical precaution for all
    organizations and companies after the effects and
    number of attacks. SECURIUM FOX tests the weak
    points of customers for possible attacks and
    provides consulting services to eliminate these
    weak points.SECURIUM FOX team also offers
    support for the development of our country in
    this field by supporting free events being
    organized as a volunteer by the Octosec team.

2
  • MOBILE APPLICATION SECURITY AND PENETRATION TEST
    TRAINING

3
Mobile App Security Testing
  • securiumfoxtechnologies Mobile App Security
    Testing service provides a detailed security
    analysis of your phone or tablet based app. A key
    feature of this service is manual testing by
    experienced security professionals, which
    typically uncovers many more issues than
    automated tests alone.

4
Vulnerable apps fail to validate SSL certificates
  • Mobile applications which send and receive
    sensitive information are tempting targets for
    man-in-the-middle (MITM) attacks where a
    correctly positioned attacker can view and
    manipulate traffic. Mobile applications use the
    same approach to securing communication as
    conventional web sites SSL/TLS. However, SSL
    certificate validation is far from trivial and
    mobile applications often fall short of the
    standard of certificate validation performed in
    mainstream browsers.

5
  • Without sufficient validation of SSL certificates
    in a mobile app, an attacker can substitute a
    legitimate SSL certificate with one under his
    control and thus view or manipulate sensitive
    information submitted by the user. Mobile app
    users who regularly connect to untrusted public
    wireless networks are particularly at risk, both
    from rogue access points and from other users of
    the wireless network. Unlike with conventional
    phishing attacks, browser-based blocking of
    malicious websites is not sufficient to defend
    against this type of attack.
  • securiumfoxtechnologies has discovered SSL
    certificates in the wild which may have been used
    in MITM attacks targeting banking applications,
    and has also discovered an invalid certificate
    masquerading as .itunes.apple.com (though iOS
    appears to behave correctly and rejects such a
    certificate). With billions of downloads of
    mobile apps from the Apple App Store, Google
    Play and BlackBerry World the attack surface is
    potentially huge and obviously attractive to
    fraudsters. In a study conducted in late 2012,
    more than 17 of tested Android applications
    failed to fully validate SSL certificates.

6
Mobile app and server testing
  • When a customer uses an app to access your
    services over the internet, it is imperative to
    ensure security at both ends. It is pointless
    developing a highly secure app if there are
    gaping holes in the servers that store and
    process customer data conversely, even if your
    servers are completely secure, an insecure app
    could allow customer data to be retrieved or
    redirected to a remote attacker.
  • Accordingly, securiumfoxtechnologies mobile app
    testing includes the following client-side
    activities
  • Decompilation of the installed app
  • Searching for sensitive information hard-coded
    within the app
  • Verifying the security of locally stored
    credentials
  • Checking that SSL certificates and signatures are
    properly validated
  • Discovering insecure use of cryptography for
    transmitting data or for local storage
  • Source code analysis (if appropriate)
  • Checking that automatic updates do not provide a
    conduit for attackers to install arbitrary code
  • Verifying all sensitive information is removed
    after uninstalling the app
  • Looking for unintended transmission of data, such
    as the users phonebook when it is not required

7
  • The app testing service also includes testing of
    the web services used by the app. The following
    aspects are examined in detail to ensure that the
    backend servers do not expose customer data to
    other parties
  • Server configuration errors
  • Loopholes in server code or scripts
  • Advice on data that could have been exposed due
    to past errors
  • Testing for known vulnerabilities
  • Reducing the risk and enticement to attack
  • Advice on fixes and future security plans

8
Typical issues discovered during a mobile app and
server test
  • Vulnerability to man-in-the-middle (MITM) attacks
  • Insecure storage of sensitive data on mobile
    devices
  • Insecure use of cryptography
  • Weak session management
  • Unauthorised access to other users accounts
  • SQL injection
  • Server misconfigurations
  • Command injection
  • Well-known platform vulnerabilities
  • Back doors and debug options
  • Errors triggering sensitive information leaks
  • Broken ACLs/Weak passwords

9
You can always contact with SECURIUM FOX. You can
contact us through our email addresses or by
using the contact form on the side.
  • INFO
  • 3rd Floor,Lohia Towers,
  • Nirmala Convent Rd,
  • Gurunanak Nagar,Patamata,Vijyawada,
  • Andhra Pradesh -520010
  • 9652038194
  • 08666678997
  • info_at_securiumfoxtechnologies.com

10
  • info_at_securiumfoxtechnologies.com
  • Andhra Pradesh Office
  • 91 8666678997,91 91652038194
  • 3rd Floor,Lohia Towers,
  • Nirmala Convent Rd,Gurunanak Nagar,Patamata,Vijaya
    wada,
  • info_at_securiumfoxtechnologies.com
  • UK Office
  • 44 2030263164
  • Velevate, Kemp House, 152 - 160,City Road,EC1V
    2NX
  • London
  • info_at_securiumfoxtechnologies.com
  • Tamil Nadu Office
  • 91 9566884661
  • Kailash Nagar, Nagar, Tiruchirappalli, Tamil Nadu
    620019
  • info_at_securiumfoxtechnologies.com
  • Noida Office
  • 91 (120) 4291672, 91 9319918771
  • A-25, Block A,
  • Second Floor,Sector - 3,
  • Noida, India
  • info_at_securiumfoxtechnologies.com
  • USA Office
  • 1 (315)933-3016
  • 33 West,17th Street,
  • New York,
  • NY-10011, USA
  • info_at_securiumfoxtechnologies.com
  • Dubai Office
  • 971 545391952
  • Al Ansari Exchange, Ansar Gallery - Karama
    Branch, Hamsah-A Building - 3 A St - Dubai -
    United Arab Emirates
Write a Comment
User Comments (0)
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2026 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The : "Mobile Application Penetration Test Training 7" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!