Mobile Security Testing
Mobile devices and applications are now widely used within corporate environments. Employees may be using a company issued device or a BYOD (Bring Your Own Device), whichever is used, it is essential to ensure the device configuration, application and information contained on the device is secure.
We offer a full range of mobile security testing and reviews. This covers the mobile application, the physical device itself and the Mobile Device Management (MDM) software.
Mobile testing covers many areas such as the device configuration, the management of the device and the applications used on the device.
Applications used on mobile devices can be tested at an application level to ensure no vulnerabilities exist that could lead to data being obtained from the device or the server that the application communicates with.
Mobile devices, both company issued and BYOD (Bring Your Own Device), and applications are widely used within corporate environments and testing can ensure the device configuration, application and information contained on the device is safe and secure.
As the device is mobile, it is likely that some devices will either become lost or stolen. Testing can ensure information is not able to be extracted from the device or its applications if the device falls into the wrong hands.
We can offer the following mobile testing services:
- Mobile application testing
- Mobile application reverse engineering
- Physical device review of security related configuration settings
- Mobile Device Management (MDM) software configuration reviews
- Lost device review to simulate a lost or stolen device
- Mobile security
All manufacturer devices can be reviewed, such as Apple, Microsoft, Android and BlackBerry devices. We also cover all major MDM (Mobile Device Management) platforms.
We can also review the deactivation process used for lost or stolen mobile phones using MDM software. We can run the lost device procedure and then inspect the mobile device to ensure the device does not contain any user information.
Armadillo Sec are a CREST certified testing body and we are accredited to operate as a CHECK service provider. All of our testers are certified by CREST and our senior consultants are certified by CREST to the highest CCT Level. Our testers are also CHECK Team Leaders (CTL’s) or CHECK Team Members (CTM’s) and are approved to conduct government CHECK testing.
Our team have many years experience conducting a broad range of government and commercial tests and always aim to go the extra mile for our customers.
Frequently Asked Questions
All our testers are certified by CREST and our senior consultants are certified by CREST to the highest CCT level.
|CREST Certifications||Certified Testers|
|Practitioner Security Analysts||Yes|
|Registered Penetration Testers||Yes|
|Certified Web Application Testers||Yes|
|Certified Infrastructure Testers||Yes|
|Certified Simulated Attack Specialist||Yes|
|Certified Simulated Attack Manager||Yes|
Our CREST member status can be viewed, along with the certified tester types we have on the below link:
Our testers are also CHECK Team Leaders (CTL's) or CHECK Team Members (CTM's) and are approved to conduct government CHECK testing.
|CHECK Status||Certified Testers|
|CHECK Team Member (CTM)||Yes|
|CHECK Team Leader (CTL) - Infrastructure||Yes|
|CHECK Team Leader (CTL) - Applications||Yes|
Our CHECK status can be viewed on the below link:
It is recommended that mobile applications and device configurations are tested annually as cyber threats are constantly evolving.
If major changes are made to the device types, configurations or new applications are developed, then it is recommended that additional testing is conducted. This ensures that any recent changes are not introducing new vulnerabilities into the environment.
Some certifications such as ISO 27001 or PCI DSS, require a certain frequency of testing to remain compliant.
Penetration testing is bespoke depending on the goal or outcome you wish to achieve, therefore there is not an off-the-shelf price for a mobile penetration test.
As application and mobile device deployment sizes can vary significantly, for each project we will technically scope your requirements and establish the time needed to complete the work. We will then provide a detailed proposal and breakdown of costs and options.
We supply a full penetration testing report, which covers the following:
- Executive management summary - Non technical overview of issues for management board level
- Detailed technical findings - A complete list of all issues identified
- Affected areas - A list of all areas/pages/URLs/device settings affected, including any associated parameters
- Risk level - Impact, likelihood and overall risk ratings are listed for each issue
- Examples - Output or screenshots to demonstrate the issue
- Recommendations - Recommendations of how to remediate the issues, including any reference to documents that can assist
A sample report can be supplied upon request.
We have a full methodology for all testing services we provide, which is supplied with each project proposal. This outlines the testing steps and all the requirements in order to deliver the test.
All of our application testing methodology aligns to the OWASP top 10 standard, which is the industry standard for application security.