• Home
  • Services
    • padlock
      Threat Modeling »

      Our customized threat modeling
      identifies vulnerabilities within your
      security posture that puts your
      most valuable organizational and
      client data — the crown
      jewels — at risk.

    • scanning
      Security Audits & Assessments »

      Our security audits and vulnerability
      assessments are based on industry
      standards and best practices to assess
      weaknesses in your cloud environment
      and network, as well as mobile
      and web-based apps.

    • hacker
      Penetration Testing »

      Our sophisticated testing services
      delve into your network, smart
      devices and other systems
      to expose critical security
      deficiencies.

  • Process & Metholodogy
  • Blog
  • Careers
  • About Us
  • Contact

An alarming number of
mobile apps are critically insecure.
How's Yours?

At some point, you decided you needed a mobile application for your organization or product.

Maybe it's needed to allow mobile interaction with your systems, or is necessary to interact with your products. Whether you developed it in-house or through a third party, do you know how securely it was written? Sure, there are many published security best practices but did your developers understand and follow each one?

A mobile application vulnerability assessment will delve into your mobile app looking for coding weaknesses, hidden secrets, potential privacy issues and other security inadequacies. We look for common development mistakes and then work with your developers so they can fix the issues, before a security breach.

Many mobile developers think of application security in terms of how they expect users to interact with the system. But what happens if a hacker reverse engineers the app? With the use of emulators, jailbroken, and rooted mobile devices, they can unearth sensitive data and watch interactions with web APIs that your developers assumed were hidden and protected.

  • What To Expect

    What To Expect

    We begin by deploying your application to emulators or rooted Android and jailbroken iOS devices in our mobile interception lab. This allows us to easily extract and decompile your applications — if you haven't already given us the source code for review.

    We then perform static code analysis looking for coding weaknesses and hidden secrets, and use your application like traditional end-users would. Every network packet is captured for analysis, databases are scraped, and system memory is inspected. Web requests pass through proxy interception and modification software that allows us to control every aspect of the app's integration with external services. We even attach debuggers to your live running code to bypass any local controls you may have implemented!

    Our mobile application vulnerability assessment includes:
    • An extremely in-depth analysis of decompiled code, running processes, application memory, network traffic, API calls, and local storage to detect security weaknesses
    • Validity checks of potential weaknesses to determine the risk each poses to your organization
    • A detailed report highlighting vulnerabilities and remediation recommendations, so you can efficiently prioritize resources to fix problems before hackers can find them
  • Success Stories

    Success Stories

    Learn how we've helped our valued clients improve their security posture and mitigate risk through mobile app vulnerability assessments.

    We found AWS secret access keys embedded in a mobile application that had access to all customer data for an organization. We worked with the development team to re-architect the application before release to keep their data secure.

    We discovered hard-coded Active Directory credentials in a publicly-available corporate application that could have led to a complete breach of corporate data.

    We found a misconfigured keyboard cache in a medical imaging application that would have allowed for the insecure storage of personal health information (PHI).

    We fought through multiple layers of SSL/TLS certificate verification and pinning protections to capture and modify sensitive smart device firmware during the over-the-air (OTA) update process.

    We Are the Experts

    Our consultants know how to disassemble your mobile applications to find hidden secrets, watch network interactions with web APIs, and even patch the application to do things you never expected! Many companies shy away from mobile assessments because they find it too difficult to set-up or they don't know what they're looking for. We've developed a robust testing methodology and created a powerful mobile interception lab that allows us to focus on your application.

    Contact us to discuss your mobile app security project today. We'd welcome the opportunity to help you achieve your information security goals.

    Contact Us

From the blog

Check out our blog to get the latest infosec how-to articles, best practices and strategies written by our offensive security experts. Cyber crime isn't going anywhere, so stay informed and on top of it!

Big Breaks Come From Small Fractures.

You might not know how at-risk your security posture is until somebody breaks in . . . and the consequences of a break in could be big. Don't let small fractures in your security protocols lead to a breach. We'll act like a hacker and confirm where you're most vulnerable. As your adversarial allies, we'll work with you to proactively protect your assets. Schedule a consultation with our Principal Security Consultant to discuss your project goals today.

© 2024 FRACTURE LABS, LLC ALL RIGHTS RESERVED