Mobile applications and their host devices are continuously evolving, from platform and operating system changes to new delivery methods. To survive in this environment, mobile applications often use rapid development and dynamic-compilation languages. When combined with the wide range of devices, communication channels, and business demands, this means that the threat landscape is incredibly broad.

IOActive can provide a holistic security assessment of your mobile application. We review the security and compliance risks to your mobile application, its associated backend systems, and the interactions and data flows between them.

Since mobile application security is a relatively new area for most organizations, IOActive is prepared to work with you to develop a strategy that will protect your sensitive information. You’ll be confident that your mobile application is secure, complies with regulations, and meets your business requirements.

Mobile Application Assessments
IOActive will examine your mobile application’s design and perform testing directly through the end-user interface. We also perform manual testing and targeted source code reviews, in an effort to expose vulnerabilities which are not apparent through the end-user interface.

IOActive’s assessments cover all vulnerability classes identified by OWASP:

  • Injection
  • Broken authentication and session management
  • Cross-site scripting
  • Insecure direct object references
  • Security misconfiguration
  • Sensitive data exposure
  • Missing function level access control
  • Cross-site request forgery
  • Using component with known vulnerabilities
  • Unvalidated redirects and forwards

In addition, IOActive can test all of the web services and APIs that support your mobile application. These systems are often the ones which store or provide access to the most critical information or systems.

Additional services we offer include:

  • Software assurance training
  • Security Development Lifecycle (SDL) implementation and training
  • Application threat modeling
  • Secure code reviews
  • Application architecture design reviews


Read more about our work in this area: Prevent Personal Banking Apps Flaws

< Back to Services Overview