Mobile Security for Companies
Smartphones, apps and mobile applications have become indispensable in today’s business world. But, in addition to advantages such as ease of use and mobility, mobile applications harbor numerous risks. The use of data on public networks, programming errors in the applications and corporate policies such as bring-your-own-device provide a wide attack surface for cybercriminals as well as for more technically experienced actors. As more and more critical data flows through mobile devices, cleanly implemented security measures are essential in this area.
We are happy to support you in systematically building or improving your mobile security architecture.
In addition to customized solutions, we offer the following services in the area of mobile security:
As part of an MDM configuration review or MDM pentest, we check the security and protection of your MDM solution. According to your requirements, this includes a comparison of your configuration with security best practices as well as a comprehensive penetration test of your solution. Among other things, the following test contents are covered:
- Checking the configuration against operational requirements and security best practices
- Checking the enrolment process for vulnerabilities
- Reviewing the device loss process for vulnerabilities
- Checking remote access to the company for vulnerabilities
- Reviewing the robustness of the MDM configuration (against mobile devices with jailbreaks, for example).
As well as an assessment of the security level, including a detailed list of your system’s vulnerabilities, you will receive concrete recommendations to bring security to a level that offers attackers as little attack surface as possible.
Mobile Application Management
Analogous to the MDM Review, we also review your Mobile Application Management (MAM Config Review, or MAM Pentest).
- Mobile Application Penetration Test
Do you develop your own mobile apps for cell phones or tablets, or do you want to check the security of a third-party app?
We examine both variants of mobile application in terms of security. Depending on the platform (Android or iOS), architecture (native app, hybrid app, progressive web application/PWA) and security requirements of your application, we offer a customized test catalog based on internationally recognized standards (OWASP Mobile Testing Guide). The OWASP Mobile Top 10 and other typical vulnerabilities cover all relevant points of attack on smartphone apps and the associated infrastructure (data transmission, backend APIs). The following test contents are also checked:
- Vulnerabilities in the backend (REST API, other web interfaces) and in the communication between app and backend
- Vulnerabilities in the business logic of the application
- Vulnerabilities in the local storage of data
- Reverse engineering of the application
- Vulnerabilities in authentication and authorization
- Exposure of sensitive information (e.g., through log entries)
- Operating system specific vulnerabilities (intent hijacking on Android, for example, or insecure keychain configuration on iOS)
Our security audit provides you with a comprehensive report that, in addition to an overall overview of the security status and individual vulnerabilities, contains concrete recommendations for securing the application as well as a recommended prioritization of the individual measures. The assessment of security vulnerabilities is adapted to your individual security needs using the Mobile Application Security Verification Standard (MASVS).
The tests are carried out by experienced analysts with years of experience in mobile platform security architecture and mobile security analysis. Our lab has a large number of mobile devices with all relevant technologies, the latest software versions and all necessary test tools as well as jailbreak or root access. We are also happy to examine your own devices – as part of an MDM solution with company-owned devices, for example.
NSIDE Attack Logic – Your Partner for Mobile Security
To provide you with the best possible product, we adapt the test parameters such as scope and procedure to your individual needs. Simply contact us and we’ll get back to you as quickly as possible.