Our Profile: We are a highly motivated team of IT professionals mentored by very experienced leadership. We offer solutions for web and mobile technologies. Our company site is www.kennedia.net.
Relevant Skills and Experience
We have experience with pen testing.
Proposed Milestones
£2500 GBP - Placeholder
- Is sensitive information utilized within the application flushed from memory upon session expiration?
- Data Storage
  - Encryption
    - Are the algorithms used “best of breed” or do they contain known issues?
    - How are keys derived, e.g. from a password?
    - Based on the algorithms and approaches used to encrypt data, do implementation issues exist that degrade the effectiveness of encryption?
    - How are keys managed and stored on the device? Can this reduce the complexity in breaking the encryption?
  - Identify if the application utilizes storage areas external to the “sandboxed” locations to store unencrypted data such as:
    - Places with limited access control granularity (SD card, tmp directories, etc.)
    - Directories that may end up in backups or other undesired locations (iTunes backup, external storage, etc.)
- CSRF
- SQL Injection
- Cookies
NOTE: ALL TESTING WILL BE ACCORDING TO OWASP STANDARD.