Security and Penetration Testing

EVALUATE THE SECURITY OF YOUR WEB OR MOBILE APPLICATIONS

Sourcetoad conducts a variety of assessments for clients who want to know how secure their applications are. Our security experts can attempt to ethically probe, and find faults and security holes in existing applications.

Our team will then deliver a Security Assessment Findings report that will document the findings from the research as well methods and techniques used in the penetration tests.  Any findings from our team are immediately presented with fix or patch recommendations as action plans and suggested future actions.

Why Sourcetoad? Our experts will help you ensure your software is secure. 

Sourcetoad have been building web and mobile applications since 2008, the launch year of the Apple App Store. Our engineers and security experts have helped design some of the toughest security systems on the planet and so they know what makes software secure.

This experience has helped our security teams crack open applications from some of the largest companies in the world (at their request of course!) and provided insight and recommendations to those companies CISOs and development teams.

Sourcetoad proudly supports the development of APKTool, the largest OpenSource tool for reverse engineering 3rd party, closed, binary Android apps.

SECURITY ASSESSMENT METHODOLOGIES & TECHNIQUES

Infrastructure Assessment

Investigate the technology stack, including but not limited to: 

  • Map the application’s architecture and obfuscation level of the source code. 
  • Assess defense mechanisms for anti-tamper, anti-debugger, and anti-man-in-the-middle. 
  • Determine the relevant integrations and APIs through the mobile application(s).

Vulnerability Assessment

Investigate the dependencies of software as well as the versions of languages and databases used to identify known system flaws.

  • Map the application’s architecture and obfuscation level of the source code. 
  • Assess defense mechanisms for anti-tamper, anti-debugger, and anti-man-in-the-middle. 
  • Determine the relevant integrations and APIs through the mobile application(s).

Initial OWASP Review

Use the top 10 OWASP (Open Web Application Security Project®) items to reveal potential weaknesses and risks in the code and infrastructure.

SECURITY ASSESSMENT GOALS:

Understand

Gain insight into the technologies and security standards of the current system.

Identify

Discover any issues which would cause problems from a security perspective.

Emulate

Uncover security threats that would be discoverable from the perspective of a passenger.

Get in Touch