Mobile Security Evaluation

Methodology 

Resolve all identified issues with expertise and precision

Reduce risk, costs, and legal liabilities as a result of Cyber

Protect your reputation, clients and data from adversaries

We maintain dedicated environments for testing both iOS and Android applications. These environments allow us to test and analyze each application under optimal conditions, in its real environment and on a real device.

Mobile Testing Methodology

The OWASP Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security. It can be used by mobile software architects and developers seeking to develop secure mobile applications, as well as by security testers to ensure completeness and consistency of test results.

For mobile applications, the mobile version of OWASP is adapted to meet testing requirements. It is a comprehensive guide for iOS and Android mobile security testers, with the content listed below.

Show your partners and clients that you care with an executive security report and exclusive website badge

Identify security vulnerabilities affecting your applications

Understand the risk posed by identified vulnerabilities

Show your clients and stakeholders you're secure

White Box Testing

In white box testing, the client shares in-depth knowledge of the internals of the systems being tested. That understanding is used to simulate attacks that directly assess how secure the systems actually are.

The benefits of this method are as follows:

Highly Effective – Guarantees much larger and more detailed assessment coverage.
Expert Recommendations – Maximizes remediation quality.

Black/Grey Box Testing

This methodology requires no or minimal prior information about the target network or application. It is a real-world hacker attack scenario. It is preferred because it enables the security experts to look at various levels of security controls from an attacker's perspective. This is usually the best approach because it enables security teams to think outside the box and perform tests on all levels according to practical expertise and knowledge.

The benefits of this method are as follows:

Realism – Emulates how a real cyber attack would affect systems.
Rapidity – Guarantees speed and adheres to industry standards.

Mobile Platform Internals

Security testing in the mobile app development lifecycle

Basic static and dynamic security testing

Mobile app reverse engineering and tampering

Assessing software protections

Detailed test cases that map to the requirements in the MASVS.

Technical Report

We document all findings on a technical level in order to increase the remediation efficiency. Our documentation helps your developers understand the origins of identified vulnerabilities, and includes detailed steps on how to mitigate vulnerabilities according to industry standards. 

Executive Summary

An executive summary will be professionally written specifically for your organization, outlining the successes during the engagement, remediation efforts, and an expert opinion by one of our senior staff members on the security and safety of your technologies which can be shared and shown to all clients, partners, and stakeholders.

Strategic Recommendations

As part of our Security Testing activities, we provide extensive cyber security consulting for management and executives in relation to their technology in an effort to address identified issues in order to empower their technological departments, reward cyber security initiative, and allocate resources towards security.

Free Follow-up Testing

After each security assessment is completed, meaning that you have been given all of the documentation and the guidelines for remediation, Sentry works with you to coordinate timelines for a follow-up test that checks whether everything has been remedied and fixed properly. We ensure that your technologies are protected.

Copyright © 2020 Sentry
All Rights Reserved.
