Coastline’s methodology includes authenticated and non-authenticated testing and follows the OWASP Top 10 Web Security Testing Guide to validate strong security controls within code quality, handling of sensitive data, and interaction with the current environment. We first attempt to break into the mobile application itself and gain access to users’ accounts or the application’s administrator functionality. If we are unsuccessful in acquiring a valid account, we will ask for a valid temporary username and password; this will allow us to perform an attack from an authenticated user’s perspective. Once they have gained access and a better understanding of the application’s code, Coastline’s consultants will begin to investigate any areas of concern. Coastline’s mobile application assessment also includes testing for common issues resulting from input validation problems, such as Script Injection, Cross-Site Scripting, SQL Injection, Buffer Overflows, and Format String Attacks.
Other common issues that could potentially be exploited by threat actors include:
Throughout the mobile application testing process, Coastline ensures transparency by providing the Client with a clear outline of the steps, processes, and methodologies employed. Our team meticulously documents and reports successful breach attempts, exploitable vulnerabilities, and other relevant data discovered during the assessment.
Upon completion of our mobile application assessment, we will provide you with a detailed report of the findings as well as best practice recommendations to enhance the security around your mobile application. The deliverable will provide the Client with valuable information on the current state of the security that exists within the organization, the presence of vulnerabilities, and additional information on the level of risk each vulnerability represents.