MOBILE APPLICATION VA/PT SERVICES ( VULNERABILITY ASSESSMENT AND PENETRATION TESTING)

CRAW SECURITY provides services in mobile application vulnerability assessment and penetration testing domain. Our ultimate goal is to provide quality and effective  services at client place.Our purpose is to  to utilize active exploitation techniques in order to evaluate the security of the application against best practice criteria and to validate its security mechanisms and identify application level vulnerabilities. problem solving methodology   are made to resolve so that customer can gain complete satisfaction from the vulnerabilities.

 

MOBILE APPLICATION VULNERABILITY  ASSESSMENT AND PENETRATION TESTING APPROACH

 

STAGE 1:- PLANNING AND INFORMATION GATHERING

  • Share the assessment methodology documents with the client.
  • Ask for details of the web applications in scope for the assessment.
  • scope to decide potential impact of scanning activities.
  • Share contact details of Team Leads and Project Manager from company.

 STAGE 2-

  • A: WHITE BOX TESTING
  • B: BLACK BOX TESTING
  • C.GREY BOX TESTING

 

 STAGE 3: APPLICATION SECURITY ASSESSMENT

  • Assess the security of the selected applications, focusing on remotely exploitable vulnerabilities, application security architecture, design and implementation.
  • Assess the controls with respect to user access, privilege levels, development and delivery, and overall design of the applications

 

STAGE 4:  REPORTING AND KNOWLEDGE TRANSFER

  • Submit the final and detailed set of reports with in-depth information to fix the vulnerabilities and an efficient and effective follow-up plan

 

TOOLS GOING TO BE USED IN MOBILE VA/PT

Appie

  • Appie is a software package that has been pre-configured to function as an Android Pentesting Environment on any windows based machine without the need of a Virtual Machine(VM) or dualboot.

Appium

  • Appium aims to automate any mobile app from any language and any test framework, with full access to back-end APIs and DBs from test code.

Santoku

It is used for many purposes such as

  1. Mobile Forensics
  2. Mobile Malware
  3. Mobile Security
  • Assessment of mobile apps
  • Decompilation and disassembly tools
  • Scripts to detect common issues in mobile applications
  • Scripts to automate decrypting binaries, deploying apps, enumerating app details, and more

 

Mobsf

  • Mobile Security Framework is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static analysis, dynamic analysis, malware analysis and web API testing.

Appuse

  • AppUse is a VM (Virtual Machine) developed by AppSec Labs. It is a unique platform for mobile application security testing, Android and iOS applications and includes exclusive custom-made tools and scripts created by AppSec Labs.

Oxygen

  • Oxygen is an tool-set built on top of Appium, WebdriverIO, and Selenium that significantly simplifies writing and running web automation tests. It implements many commonly recurring patterns out-of-the-box and hides complexities of the above backends behind a concise API.

 summery

We are  finalizing the After the successful penetration into the system, privilege escalation technique is used to identify and escalate access to gain higher privileges, such as registry/root access or administrative privileges to that particular it environment system or network.finally binding it with documents , reports  and the effort made.

CONTACT INFORMATION

Welcome to our CRAW Security. We are glad to have you around.

Phone

011-40394315 | +91-9650202445 | +91-9650677445

Email

[email protected]

Head Office

1st Floor, Plot no. 4, Lane no. 2, Kehar Singh Estate, Westend Marg, Behind Saket Metro Station, New Delhi – 110030