Application Testing

Android applications contain a moderately unique vulnerability posture, owing to the open nature of the operating system and the relatively widespread use of custom operating systems. This impacts the security of stored data and introduces significantly greater opportunities for an attacker to utilise application data for malicious gain.

To review this, our experienced consultants will utilise OWASP and wider security testing methodologies to evaluate the stored data, data in transit, and remote network service vulnerabilities affecting the security of your data, and your users’ data.

Have you ever wondered what security implication installing software onto one of your devices has? Our thick client tests will identify all the security issues and risks that installing and using this software has to your security posture. Whether you’re installing something onto an enterprise server to support your organisation or on a user desktop environment, we can help with giving you the assurance you need.

This testing is traditional application testing, where the principal concern is an unauthenticated or authenticated attacker gaining access to more data than desired, or in the worst instance, gaining a foothold on your internal system. The assessment will consist of a holistic test designed to evaluate all aspects of the web application, including authentication best practices and issues affecting specific versions of supporting libraries. In addition to issues affecting the application itself, our consultants have extensive experience in identifying data protection issues concerning legal requirements and organisation-specific security best practices. We use the best-practice Web Security Testing Guide as defined by OWASP, a globally recognised leader in maintaining and guiding organisations to more secure applications. As an organisation, Salus therefore aims to provide our clients with an assessment aligned to objectively controlled and reviewed testing standards.

iOS application security frequently relies on the ‘walled-garden’ approach to security, where the assumption that the underlying system is secure leads to the implementation of less-secure functionality.

By bypassing the underlying controls on the system, our consultants can review the security posture of the application as it truly is, allowing your organisation to review the potential risk given the possibility of a weakened operating system.

Our testing processes align to OWASP, which provides an excellent basis for testing of mobile applications and web applications alike, and ensures an objective, repeatable test that is updated by a global force of information security professionals.

APIs, similar to web applications, can consist of almost entirely the same exploits and vulnerabilities. With the use of single-page apps, and mobile applications, APIs are frequently the first element of your infrastructure a user will interact with. Whilst this is true, APIs are consistently considered backend services, and often not included in standard penetration testing scopes for solutions.

Whilst the complexity of the logic that APIs implement is frequently less than that of a full webpage, the implementation of access controls and input validation is still a significant concern. Furthermore, the use of the data must also be considered, with the possibility for output data to be used in a vulnerable context, resulting in a vulnerability.

The Salus approach to API testing is a collaborative one, where, if possible, the API is tested within the context of the data being used, such that all vulnerabilities and secondary systems affected by an exploit can be evaluated.