Mobile Application Audit offer
- User data security;
- The security of the servers to which the application connects.
During these audits, the APK is decompiled in order to perform a static analysis. In addition, a dynamic analysis is performed in order to verify the proper functioning of security mechanisms specific to Android.
The first part of the Synetis methodology consists of a complete static analysis, the main aim of which is to disassemble the application in order to discover implementation weaknesses in the application's source code, as well as secrets and sensitive information directly accessible in the configuration files.
The second part of the audit consists of a dynamic analysis whose goal is to test the behavior of the application when it is used by an attacker, for example through injection attempts that exploit vulnerabilities such as SQL Injection, Cross-Site Scripting and other types.
- network communications
- authentication
- session management
- cryptography
- code auditing
- reverse engineering
- L1: Standard Safety;
- L2: Defense in depth;
- R: Resistance to reverse engineering and modification.
Since level R can be combined with the others, there are actually four levels, which are the combinations of levels L1 and L2 with and without level R (L1, L1+R, L2, L2+R).
In concrete terms, the first level, L1, corresponds to the standard security that an application should have; the second level, L2, corresponds more to applications dealing with very sensitive data and requiring the implementation of a risk analysis.