Attack vectors and risks differ between mobile platforms and traditional web-based applications. The Saturn Partners, Inc. has gained a deep understanding of mobile architectures and application development, having assessed numerous mobile applications, reviewed device-level security controls and worked with telecommunications providers over the years.
While performing penetration testing with or without source code review, we examine and reverse engineer applications and protocols. Furthermore, SPI also performs both local device and remote service penetration tests.
Our Penetration Testing Service covers, but is not limited to, the following:
Application and Product Penetration Testing:
- Identification of security weaknesses through penetration testing with or without code review
- Demonstration of weaknesses as needed to validate findings
- Simplified architecture review and threat modeling
- Characterization of the impact of a successful attack
- Recommendation of solutions for addressing weaknesses
- Reporting of the application, protocol, or implementation’s security posture
- Upon request, a public-facing document explaining the test methodology and results can be provided
Application Design Review:
- Conduct a review of a system’s design
- Identify security implications of the design
- Perform threat modeling
- Perform a gap analysis between the design and industry best practices
- Enumerate conflicts between business requirements and security considerations so informed trade-offs are made
- Recommend solutions for addressing security weaknesses
- Can be conducted prior to implementation, or once in production
Application Code Review:
- Examine sensitive areas of software code
- Identify security flaws including: race conditions, overflows, character set conversion problems, logical errors, bad assumptions, key management flaws, and cryptographic mistakes
- Recommend specific fixes and general coding practice improvements appropriate to the Client’s environment
- Lead groups of developers through code review exercises to enhance the Client’s ability to audit code
- Upon request, a public-facing document explaining the test methodology and results can be provided
The Saturn Partners, Inc. has focused on assisting clients with development and testing of ALL elements of a sound IT and environmental security plan since 2001.