Web and Mobile Applications

SRA provides application security testing services with the quality, flexibility, and free re-testing (of Internet-facing issues) we are known for. Our methodology emphasizes manual testing complemented by automation and covers the OWASP Top 10 and beyond. We manually validate findings before assigning a risk rating.


Web Application Testing

Our testing attempts to identify insecure web server software, application functionality, and configuration settings that are susceptible to both common and custom attacks, which could result in data compromise, elevated privilege or administrative application control, or reputation damage. We test the application from the perspectives of both an unauthenticated and an authenticated Internet hacker and cover the OWASP Top Ten. We validate vulnerabilities identified through automated testing and eliminate false positives.

Mobile Application Testing

Our mobile application testing methodology is distinctive, using open-source tools with published and custom methods to test app security controls and demonstrate potential risks to sensitive data on mobile devices. We assess the following areas:

  • Authentication & Access Control
  • Encryption Key Management and Cryptographic Methods
  • Information Disclosure Flaws
  • Dynamic Runtime Analysis
  • Reverse Engineering
  • Other Client-Side Attacks
  • Network Traffic Analysis
  • Misuse Detection and Response