Security and Penetration Testing
Evaluate the security of your web or mobile applications.
Sourcetoad conducts a variety of assessments for clients who want to know how secure their applications are. Our security experts can ethically probe existing applications to find faults and security holes.
Our team will then deliver a Security Assessment Findings report that documents the findings from the research as well as the methods and techniques used in the penetration tests. Any findings from our team are immediately presented with fix or patch recommendations as action plans and suggested future actions.
Why Sourcetoad?
Our experts will help you ensure your software is secure.
Expertise
Sourcetoad has been building web and mobile applications since 2008, the launch year of the Apple App Store. Our engineers and security experts have helped design some of the toughest security systems on the planet and so they know what makes software secure.
Full service
This experience has helped our security teams crack open applications from some of the largest companies in the world (at their request, of course!) and provide insight and recommendations to those companies' CISOs and development teams.
Commitment
Sourcetoad proudly supports the development of APKTool, the largest open-source tool for reverse engineering third-party, closed, binary Android apps.
Security assessment methodologies & techniques
Infrastructure Assessment
Investigate the technology stack, including but not limited to:
- Map the application’s architecture and obfuscation level of the source code.
- Assess defense mechanisms for anti-tamper, anti-debugger, and anti-man-in-the-middle.
- Determine the relevant integrations and APIs through the mobile application(s).
Vulnerability Assessment
Investigate the dependencies of software as well as the versions of languages and databases used to identify known system flaws.
Initial OWASP Review
Use the OWASP (Open Web Application Security Project®) Top 10 to reveal potential weaknesses and risks in the code and infrastructure.
Security assessment goals:
Understand
Gain insight into the technologies and security standards of the current system.
Identify
Discover any issues which would cause problems from a security perspective.
Emulate
Uncover security threats that would be discoverable from the perspective of a passenger.