© 2020 RSM US LLP. All rights reserved.
Mobile Application Testing
Mobile application security tests identify vulnerabilities that can give attackers access to customer data.
As organizations continue to deploy a more mobile work force, reliance on mobile devices and applications are central to sustained productivity. Further, increased consumer demand and preference for mobile applications over the more traditional web application are pushing organizations deeper into the mobile application development space.
Like web applications, mobile applications need to be developed securely, or they may expose your organization to unnecessary risk or inadvertent data exposure.
The main objective of RSM’s mobile application security testing is to identify vulnerabilities that may be leveraged by an attacker to compromise the application or its associated data. This testing is not device-specific and can be conducted against all major platforms (e.g., iOS, Android), architecture (e.g., native, hybrid) and frameworks (e.g., Swift, Objective-C).
RSM’s offers the following types of mobile application security testing engagements:
- Binary static analysis—RSM will conduct static application security testing (SAST) against the compiled mobile application binary components to identify vulnerabilities in the source code. The main benefit of binary analysis is that it not only allows for the identification of vulnerabilities for code that you compile from source, but also for third-party code that is used within the application.
- Dynamic code analysis—RSM will conduct dynamic application security testing (DAST) against the application during runtime to identify a wide range of vulnerabilities including those listed within the Open Web Application Security Project (OWASP) Top 10.
- Mobile application penetration testing—RSM will conduct manual mobile application penetration testing to identify not only vulnerabilities listed within the OWASP Top 10, but also business logic flaws that cannot be identified by traditional scanning software. This testing will also involve file system analysis, which uses forensics techniques to identify potential vulnerabilities associated with the targeted application as the application relates to file system changes during runtime.