The use of mobile technologies such as smartphones and tablets within an enterprise creates a unique set of challenges that must be addressed in order to ensure that sensitive information accessed, stored, and/or transmitted by these devices is properly protected.

Varutra applies its extensive knowledge base, together with technical and operational skills, to examine the issues and challenges unique to the security and management of mobile technologies and the information these devices store and process. Varutra specializes in the following services.

Application Security Assessment
The assessment aims at identifying the vulnerabilities that can be exploited in the target application on the mobile device. The testing methodology involves assessments posing as an authenticated as well as an unauthenticated user, i.e., black box and gray box approaches. This type of test involves building a threat profile in order to discover contextual security vulnerabilities specific to the application.
We at Varutra perform a complete security assessment of applications, along with the associated web services. The testing involves assessing mobile applications exhaustively for vulnerabilities that put any valued data at risk. The threat profiles generated are derived from our experience in application security and security guidelines such as the OWASP Mobile Top 10. Our assessments are complemented by detailed reports on the vulnerabilities identified, along with relevant proof of concept.
We provide Mobile Application Security Services across different platforms such as Android and iOS.
Source Code Review
Varutra conducts a white box security assessment consisting of a combination of both automated source code scanning and manual source code review to analyze the security state of the mobile application as well as associated web services. Our team identifies and enumerates potential coding security flaws in target application(s) and provides code-level remediation recommendations to the development team.
We provide Mobile Application Security Services across different platforms such as Android and iOS.
Mobile Device Forensics
Mobile device forensics is a branch of digital forensics relating to the recovery of digital evidence or data from a mobile device under forensically sound conditions.
Mobile devices, apart from cellular capabilities, provide users with the functionality to perform additional tasks such as messaging (SMS and MMS), instant messaging (IM), electronic mail, web browsing and storing files on the device itself. Over time, these devices accumulate a sizeable amount of information about the user and the activities conducted with the device, including but not limited to the above-mentioned data.
Forensic analysis of a mobile device requires procedures that allow the proper retrieval of information and relevant data present on the device. Varutra's mobile forensic analysis service follows quality forensic standards and proper techniques, from seizing data to final report generation, in order to ensure quality and consistent results. Mobile forensics services are currently offered for Android and iOS mobile devices.

The Varutra Advantage

  • Combination of application security assessment techniques, in-house developed tools and assessment procedures specific to mobile testing.
  • Test cases comprise OWASP Mobile Top 10 vulnerabilities and usability weaknesses common in mobile computing environments, such as:
    • Application permissions.
    • Residual data on local storage and caching (passwords, usernames, device identifier, and other sensitive data).
    • Native code execution.
    • Ability to deal with “Stolen/Lost Device Scenario”.
    • Insufficient authorization from mobile client to back-end systems and databases.
    • Session hijacking.
    • State of device after the application is uninstalled.
  • Readiness against the latest mobile risks.
  • Improved assurance and confidence in mobile application security.
  • Assistance in achieving efficient implementation of BYOD policies.