Mobile Application Security Assessment for an Enterprise Learning Platform Provider
Business Requirement
Our client, a prominent mobile video sales learning and readiness platform provider, needed to ensure the security of their mobile application used by leading technology, life sciences, and financial services organizations worldwide.
Because the app operates in an enterprise environment, the customer sought a comprehensive mobile application security assessment to identify potential vulnerabilities, mitigate risks, and safeguard sensitive data.
Nuage Solution
To address the customer’s requirements, Nuage's security expert devised a thorough approach for the mobile application security assessment. The work began with downloading the app on Android and iOS devices and conducting initial scans to understand its functionality. Subsequently, a series of tests was performed, including static code analysis, dynamic code analysis, architecture review, design and threat modeling, and verification of in-app controls such as data storage, privacy, cryptography, authentication, and session management.
The mobile application security assessment included the following tests:
- Application Runtime Manipulation: Verifying that runtime manipulation of the app cannot be used to bypass security checks or logic checks, or to gain unauthorized access to privileged parts of the application, on both Android and iOS platforms.
- Fuzz Testing (Fuzzing) of APIs: Inputting massive amounts of random data to identify potential security vulnerabilities and loopholes in the application’s APIs.
- Reverse Engineering: Analyzing the application to gain insights into the interactions between the application layer and the server.
- Decompilation: Attempting to decompile the application to extract usable code for further analysis.
The deliverables provided to the customer included customized reports tailored to their operational environment and development framework.
Tools used:
- Static & dynamic code analysis: OWASP ZAP, Burp Suite, Drozer, Frida
- Reverse engineering: Apktool, Dex2jar, JD-GUI, Smali
- API Fuzzing