Mobile Application Assessment

In addition to entertainment, mobile applications are used for business critical operations and handling of personal or confidential information.  Secure mobile applications protect the information while using and storing it against common weaknesses and malicious intents.

For mobile applications, it is crucial to verify the security of the application running on a mobile device and also the backend service it is using. Typically the mobile application stores and processes confidential information on the device such as smart phone or tablet. Insecure mobile applications are also a risk for other applications and data on the device. Nixu’s professionals ensure that common mobile application weaknesses are avoided and proper security controls have been implemented. During the assessment Nixu’s experts provide recommendations and support for improving the security before releasing the application.
Nixu has done several mobile application security assessments for applications running on Apple iOS, Google Android and Windows Phone. Whether the app is designed for iPhone, iPad or customized Android device Nixu’s experts analyse the application security status and help improving it. We have conducted security testing, protocol testing and code reviews for applications ranging from processing personal information to mobile games and penetration testing of mobile banking applications. The assessments have been carried out for mobile applications released by our customers to the application stores or when they need to ensure the security of a third-party application to be used.
The assessment is based on OWASP Application Security Verification Standard (ASVS) to provide a comprehensive and industry approved systematic approach in addition to industry and customer specific requirements. In addition to that, Nixu’s independent mobile application security research ensures that latest threats and advancements in mobile security and rapidly evolving mobile operating systems are taken into account in every assessment.
Penetration testing

Nixu’s experienced penetration testers assess the security of the mobile application and backend service thoroughly. The found vulnerabilities are exploited as in real attack scenario, and the attacks can also lead to compromise of internal systems.

Backend service testing

Mobile applications typically operate in conjunction with services over the Internet such as Web Service, REST API using JSON, SOAP or XML messaging. Backend service security level is verified part of the assessment as they are also crucial for the operation of the whole system.

Sensitive data on mobile device

Each mobile operating system has their own secure methods for storing sensitive data securely on the device in addition to traditional file system encryption. Secure storage ensures confidentiality of the information against malicious applications or in case of a lost device.

Information Security Inspections

Security auditing services from PCI audits to information system intrusion testing
Read more

Nixu Security Verified

Verify your information system or network service and convince end users of your solution's security
Read more

Mobile device security

Information stored in mobile devices can also be secured.
Read more