
Datasheet.

BT Security Ethical Hacking. Mobile Vulnerability Assessment.

Our ethical hacking services help you to determine your actual security posture, together with remediation advice to mitigate the associated risks. Let us help you identify vulnerabilities in your mobile application before cyber criminals do.

Our approach. We have developed our own standardized methodology for carrying out ethical hacking vulnerability assessments for mobile applications and devices.

Our methodology is based on industry standards, such as the OWASP Testing Guide (OWASP Mobile Top 10) and ISSAF, along with our own checklists, many years of experience, client requirement documents, our own best practices and other well-known references in publicly available resources, such as forums, technology bulletins, bug navigators and vendor knowledge bases, hacker communities, the internet, etc.

The first step is to determine the scope of your testing requirement. Depending on your preference we can perform an interview or share our questionnaire with you. Based on the answers, we may issue an ethical hacking agreement together with a statement of work which describes the scope, deliverables, pre-requisites and associated pricing.

After approval from you, we start the ethical hacking vulnerability assessment. During the vulnerability assessment, you will be notified about the progress via a status update report. After the actual testing has been performed, we will issue a preliminary report. Within 10 days we will present all identified vulnerabilities in a final report. Once we have issued the final report to you, you have 10 days to review it and request any changes. Any requested changes will be discussed. Upon agreement, the final report will be updated and re-issued. If no changes are requested during this timeframe, the report shall be considered final and the project completed.

The reporting of identified vulnerabilities and recommendations (status updates and final report) is based on our Ethical Hacking Centre of Excellence's (EHCoE) own process and templates. In order to guarantee high quality output, all deliverables go through a peer and document quality review.


Vulnerability Assessment. Our mobile vulnerability assessment services include authentication evaluation, input validation, encryption, installation and configuration review. We test mobile applications using the appropriate mobile devices and/or emulators, depending on testing requirements and the devices chosen. Emulators make it easier to intercept and proxy the data sent through applications.

Some of the aspects covered and their objective as a part of this type of vulnerability assessment include:

• Our ethical hacking consultants start by testing the local application functionality. This testing includes a basic static analysis, searching for hard-coded sensitive information and comments, checking if debugging is available and enabled, attempting to decompile the application (if relevant), reviewing the install process for weaknesses, determining whether other applications can invoke the application and identifying all of the potential communication methods that are available to the mobile application (cellular, Wi-Fi, Bluetooth).

• The next phase is unauthenticated testing, which checks for input fuzzing/fault injection (i.e. XSS, SQL injection, LDAP injection) and whether any of the local data stores are accessible.

• Then the application's encryption methods and processes are checked. We will investigate the encryption strength and whether data is encrypted, both where it is stored and when it is transmitted.

• We continue testing the strengths and vulnerabilities of the application’s authorization methodology. Gathered data includes the type of authentication used, the communication method used, details about user ID and password transmission and encryption, the application’s use of client-side certificates, the way credentials are managed, potential roles and privilege escalation, and password requirements such as length, complexity and protocols to change passwords.

• Session tracking is also part of the testing process. We will examine how the application tracks sessions, if the application has time-out capability, if there is a trigger for automatic logoff, and how sessions are established, maintained and secured.

The final phase of the testing includes an analysis of application logic. During this testing phase, we will examine input fuzzing/fault injection, investigate how the application handles unauthorized read, write and execute requests, attempt to perform unauthorized administration functionality and explore file upload filtering and virus checking where relevant.

Before we start the actual testing, your technical team will be consulted to ensure testing can proceed without impacting operations.

Both commercial tools and EHCoE internally developed tools and scripts are used during the testing.

After scanning for the vulnerabilities, a manual verification of identified vulnerabilities will be performed to eliminate false positives.

Optional Penetration Testing. After we finish the vulnerability assessment activities, we may, on your request, attempt to exploit the identified vulnerabilities. The ultimate goal of this step is to demonstrate the consequences of the vulnerabilities if exploited by an attacker. This phase may consist of the following steps:

• Gaining access to the targeted systems through software exploitation or configuration issues

• Privilege escalation including credential extraction

• Evaluating any data retrieved from the attack (social security numbers, personally identifiable information, bank account details, corporate information)

• Investigating whether hacking tools can be uploaded and installed on the target host

• Pivoting as an ultimate step to understand overall business impact of successful exploitation of an identified vulnerability.


The results. During the testing, we will immediately report any critical and high risk vulnerabilities identified via a status update report. When the testing has been completed, you will receive a formal report that will contain:

• A detailed explanation of the testing activities that have been completed and the methods used by us to determine the results.

• A listing of all identified vulnerabilities of your internet presence with a ranking of their level of risk based on the Common Vulnerability Scoring System (CVSS), the ease with which they can be exploited, and mitigating factors.

• An explanation of how to mitigate or eliminate the vulnerabilities, including enhancement of your policies, adoption of industry best practices, changes to security processes and enhancement of your internet presence.

Within 10 days after the conclusion of testing, we will present all identified vulnerabilities to you in a final report.

Other consulting services. Alongside our ethical hacking services we offer consulting services to assist you with the mitigation of identified vulnerabilities. In particular, when mitigation requires you to redesign your current application environment, implement other types of technology, or review or enhance your security policy, it is good to know that BT has the knowledge to help you.


“These Ethical Hacking services are not only delivered to our customers to protect their interests, but also used to protect the BT brand every day.”

Les Anderson, Vice President Cyber & Chief Security Officer, BT.


Why BT?

Put your ethical hacking need into expert hands. We are one of the world’s leading and most trusted security brands, derived from a set of credentials that have been earned over decades of experience in the field:

Find out more at: bt.com/ethical-hacking or [email protected]

Large international wholesale and retail bank.

Mark Hughes, President BT Security: “We have a great reputation for providing global ethical hacking experience and solutions, but delivering these with local presence and relationships is making a big difference to this client. By carrying out vulnerability assessments on both global and local systems over the next five years we are supporting a large European headquartered bank to demonstrate due diligence to its auditors through its superior independent reporting. This enables the bank to be compliant and in control of multiple and often classified infrastructure and web applications. It also ensures they can protect their brand towards their customers. Regular testing is taking place on systems managing billions of euros every day to minimize risk to their critical business processes.”


• Our global ethical hacking capability with more than 20 years’ experience combines the vast knowledge and experience of our consultants with proven methodologies.

• Our customers have the advantage of a partner with a broad view and enormous experience in every market segment which a local supplier lacks.

• Being a network operator we have specific and in-depth knowledge of network infrastructure devices and as a large company we use many server and workstation platforms, mobile devices as well as all kinds of applications. These are thoroughly tested by our ethical hacking capability before being deployed on our network infrastructure, on which many international customers rely.

• Our highly skilled consultants hold industry certifications that include CISSP, CISA, OSCE, OSCP, NCSC CHECK and CREST.

• We are accredited for performing our consulting services on a global scale by Lloyd's Register Quality Assurance for the ISO9001 quality management system. Holding the ISO9001 certification since 2003 shows our long term commitment to continuously improve the quality of our services.

• Other relevant accreditation programs are ANSSI PASSI and the following CREST schemes: Penetration Testing and Simulated Target Attack & Response (STAR).

• We are one of the largest security and business continuity practices in the world, with more than 2,500 security consultants and professionals globally that has been offering security and business continuity expertise to our customers for many years.

• Analyst-recognised capability and listed in Gartner’s Market Guide for Security Consulting Services. John Marcus from Current Analysis stated: "For the growing number of enterprises seeking a broader, integrated solution rather than treating security as an isolated silo, BT can offer a one-stop-shop security experience”. BT was ranked as “Very Strong” by Current Analysis (2016).

December 2016