We identify the web service endpoints and assess privilege escalation opportunities, error handling problems, injection flaws, broken access controls, and other web application threats.
The application is further analysed to determine what information is stored locally on the device and could be recovered from a stolen device or by malicious third-party applications.
The subsequent review of cached information checks for sensitive data in clear text, as insecure local storage is a concern if the device is lost or stolen.
Reverse engineering the application helps identify any sensitive information left behind by the developers within the binary, such as encryption keys, hard-coded database credentials, server IP addresses, or default credentials.
The final deliverable contains detailed recommendations to help developers remediate the issues identified during the assessment. Where a problem cannot be quickly remediated, mitigation strategies will be presented, depending on the environment where the application is implemented.