Security Audit

Mobile Application Auditing :

Eumecon is known for its top-quality mobile application security assessments and for collaborating with developers to fix the issues. Our team members have done extensive research on mobile security, given talks and trainings at various organizations, and published research papers on mobile security. We understand how crucial security is for your organisation, and thus we help you secure your mobile application assets.

We analyze the security issues in your mobile application through a thorough security analysis that combines manual and automated approaches, and identify all the possible security loopholes in your application. Apart from the popular OWASP Mobile Top 10, we even identify the lesser-known vulnerabilities and logical flaws which could affect the security of your application.

Some of the things that we look for in mobile application security audits are :

  • Insecure Cryptography based security vulnerabilities
  • Injection based vulnerabilities
  • Insecure Android IPC vulnerabilities
  • Sensitive information disclosure
  • Network based vulnerabilities
  • Web API level security issues
  • Session Handling security issues
  • Authorization and Authentication vulnerabilities
  • Decisions via untrusted inputs
  • Webview based vulnerabilities
  • Insecure data storage
  • Business logic vulnerabilities
  • Runtime Manipulation attacks
  • Vulnerability in 3rd party components

Vulnerability Assessment and Penetration Testing :

Penetration testing involves identifying and exploiting possible security vulnerabilities in an organisation’s assets, e.g. web applications, network devices, mobile apps, etc.

We at Eumecon offer the best Vulnerability Assessment and Penetration Testing (VAPT) services, where we focus on the entire enterprise security, including web applications, network and mobile applications. In Enterprise VAPT, we use an attacker-centric approach, where we try to break in and assess the security of the end targets, using every route an attacker could possibly take.

The enterprise VAPT ensures that the organisation’s assets are secured and bulletproof against possible security threats. A VAPT is recommended every few months for an organisation: as the code base keeps changing, the attack techniques and targets will also differ.

Also, a VAPT helps an organization to be compliant with most of the standards, such as HIPAA, and to meet testing requirements for standards like PCI-DSS.

Differentiation from competitors :

Unlike our competitors, who find only the low-hanging fruit while pentesting applications, we perform an in-depth analysis of the applications. We do both static and dynamic analysis of the apps, including detection of behavior and network security issues. We even inspect 3rd party libraries/components in use in the application, and find security issues in the components which might ultimately affect the application.

We understand that the most important component of the application is data, and we give it the utmost importance to ensure that it’s secure. Our approach differentiates the way we analyze the application.

We evaluate the mobile applications on all available OS platforms and search for possible OS-specific vulnerabilities, application-specific vulnerabilities, network vulnerabilities, storage vulnerabilities, data vulnerabilities and a lot more.

Security Training scope offered and details

Training Name : Advanced Android and iOS Hands-on Exploitation

Description : This fast-paced training will get you familiar with the various Android as well as iOS exploitation techniques, and with bypassing most of the existing security models on both platforms. We will cover topics such as malware analysis, application auditing, automated static and dynamic analysis, Dex Exploitation, OWASP Mobile Top 10 and a lot more.

We will also cover ARM Platform Exploitation, ARM being the platform on which most smartphones run these days. In ARM, we will cover exploitation techniques such as Stack Based Buffer Overflows, Gadget Chaining, ROP and Bypassing protections.

Finally, for iOS, we will be looking into application security auditing, creating a pentest environment, the present sandboxing model, code signing, inspecting binaries, use-after-free and much more.

We will also be looking into Android rooting and iOS jailbreaking exploits, and recreating the scenario from scratch. Students will also be provided with custom exploitation labs, which will be preconfigured and loaded with all the tools and scripts covered during the training.