
Get professional advice from our consultants regarding your Android vulnerabilities

What to Expect in our Android Pentesting Service.

The Android application attack surface consists of all components of the application, including the supportive material necessary to release the app and to support its functioning. 

  • Mobile App Authentication Architectures
  • Network Communication
  • Data Storage on Android
  • Cryptographic APIs
  • Local Authentication on Android
  • Network APIs
  • Android Platform APIs
  • Code Quality and Build Settings for Android Apps
  • Tampering and Reverse Engineering on Android
  • Android Anti-Reversing Defenses

Our Methodology

Krypteia’s approach to Android application assessments includes reviewing how the application reacts to common input attacks, server-side controls, data communication paths and client-related issues.


Static Testing

Search for sensitive information disclosures & decompile to source code.

Analyzing config files: reveals URLs, server credentials, cryptographic keys, hard-coded passwords.

Reverse Engineering: Using reversing tools, Device Binding, Impede Comprehension, Impede Dynamic Analysis and Tampering.


Dynamic Testing

Attempt to inject and bypass authentication controls & review data communications functionality.

Input Validation: Injection, Malicious Input acceptance, Command Injection.

Buffer Overflow, File Upload, Business logic validations, Error handling/Info Leakage, Session management, Log tampering.


Server-side Testing

Vulnerabilities specific to web servers: Directory Traversal, Command injection, Remote code execution, SQL injection, Sensitive file exposure, Web server misconfiguration exploitation.

API/Web services testing: authorization, IDOR, injections and exploits, API business logic bypass like skipping payments, API misconfigurations.

Identify potential for denial of service (DoS) attacks.


Contact Us today so we can talk about your Cybersecurity and IT solution needs for your organization!