nVisium provides top-tier mobile security solutions for our clients. As experts in the field of mobile application security for both iOS and Android, nVisium draws upon its combined decades of engineering and security expertise to produce practical solutions to keep your software secure and business safe.
Our team will determine if sensitive data is adequately protected when stored on the mobile device. We will also identify if backend web services and third-party APIs are resistant to attack, understand the exposed surface for malicious app attacks, discover what information can be gained by reverse engineering an application, check to ensure cryptographic implementations cannot be circumvented to gain access to sensitive information, ensure that in-app purchases and premium features cannot be accessed prior to payment, and much more.
nVisium will analyze the controls in a running application and report their effectiveness. nVisium will analyze the mobile device file system for extraneous data leakage that may affect the application and its users. Our team will also review stored data including databases and files, examine caches and temporary files, and perform memory analysis to identify any leaks of sensitive data which may persist.
nVisium will analyze any third-party mobile applications your organization uses.
nVisium always recommends a hybrid assessment for mobile applications. nVisium’s mobile hybrid assessment, which combines source code review with black box (or dynamic) testing, is what differentiates nVisium and allows for the most comprehensive and effective assessments for our clients. It is especially important in the mobile space due to the complexities of mobile platforms and backend systems. This analysis evaluates all aspects of an application and tests risk mitigation solutions for a fully comprehensive security assessment. Our hybrid assessment approach utilizes a multi-step methodology combining the strongest aspects of both static and dynamic analysis to provide the most extensive and effective assessment possible.
nVisium recommends a hybrid assessment for mobile applications, which combines source code review with black box (or dynamic) testing, and is the most comprehensive and efficient type of assessment.
nVisium will assess the mobile application dynamically through manual interaction to find and validate vulnerabilities. Our team will perform runtime hooking and instrumenting of the mobile application, perform sniffing and fuzzing of intents, observe application behaviors, intercept and manipulate traffic, and try bypassing client-side protections.
nVisium will inspect the provided application binary for flaws in compilation and deployment that may be leveraged by a hacker. In some cases nVisium will try to decompile, disassemble, and debug the mobile application.
nVisium integrates with your team's existing development processes to help build a more robust software security program within your organization. Each member of our team has an extensive background in both software engineering and security.
“nVisium’s approach was unique and the team provided actionable findings. They strove to make our application secure and resilient.” Rich Ronston / Director of IT Security at Deltek
“nVisium has a world class application security consulting team that brings unprecedented knowledge, innovation and leadership to help train, advise and assist our development teams.” Jerry Gamblin / Lead Security Analyst at CARFAX
“nVisium performed a hybrid mobile assessment and then took those findings to build a custom security training course for our developers. The training was valuable, engaging and helpful for the developers to understand the importance of building secure software from the ground up. nVisium's training resulted in more secure code across the organization.” Tony Trummer / Director of Security Engineering at Tinder