Security strategies designed specifically to combat mobile risk
Don’t assume the same testing methodology you use for web applications is sufficient for your mobile apps. Web-only techniques focus on finding server-side vulnerabilities and miss vulnerabilities in client-side code running on mobile devices. Vulnerabilities in client-side code can be just as serious as server-side vulnerabilities and can lead to your users’ data being compromised.
There is no one-size-fits-all security solution for mobile apps. The security concerns and available controls vary depending on whether an app is native, mobile web, or hybrid; on the operating system it runs on; and on whether it is accessed only by employees or by the general public. Cigital understands these particular security concerns and bakes them into the strategies we use to mitigate your risk.
The result? More than 11.6 million mobile devices are carrying security vulnerabilities, according to research from IBM and the Ponemon Institute.
Why are security concerns for mobile applications different from web applications?
Off-the-shelf testing tools are not designed to identify vulnerabilities in code running on mobile devices. Cigital’s security experts have built a customized security testing suite (including static and dynamic tools that work together) to capture those vulnerabilities accurately and efficiently. In addition, our in-depth manual tests consider every aspect of mobile security, including how components are used and how applications/systems talk to each other.
We never leave you on your own to interpret test results and figure out what to do next.
Capture and fix security vulnerabilities in mobile apps before launch.
Run-time analysis that highlights areas of insecure communication.
Platform-specific security practices and defensive programming for iOS and Android.
Build security into policies, standards, and metrics for app development.