Application Security

DevOps pipelines contain extremely sensitive information that is a target for attackers. If an adversary compromised a DevOps environment they could steal passwords or code signing certificates, push malicious commits to the source code repository, or execute arbitrary commands on the runners themselves, potentially allowing them to pivot further into your internal network.

What is Application Security Testing?

Application Security Testing (Penetration Testing) is a crucial component in ensuring the robustness of digital systems. It involves a systematic evaluation of applications for vulnerabilities and weaknesses throughout the development lifecycle. By employing various testing methodologies, including static analysis, dynamic analysis, and interactive testing, it identifies potential security risks and weaknesses.

The benefits of application assessments include early detection of vulnerabilities, cost-effective remediation, compliance adherence, and overall enhancement of the software development lifecycle. With Application Security Testing, organisations can fortify their applications, safeguard sensitive data, and build a resilient security posture in the face of evolving cyber threats.

Web Applications

Being at the forefront of most modern organisations, it is crucial that web applications are sufficiently protected. Due to this inherent ubiquity and their underlying complexity, they present a unique challenge to an organisation’s security posture. That is why our team of consultants is CREST certified, ensuring they provide a robust and meticulous review of even the most complex applications.

At Cerberus Labs we have adopted industry-leading methodologies such as the OWASP ASVS (Application Security Verification Standard), NIST and the CIS Benchmarks to enhance our internal practices for reviewing web applications.

Mobile Applications

Mobile applications are often overlooked; however, they can pose a significant threat to your customers and your business. While vulnerabilities within mobile applications often reside on the clients themselves, that does not mean the business is not at risk. An attacker with access to a compromised mobile phone could exploit weaknesses in the application to exfiltrate sensitive information or conduct malicious or fraudulent actions. While this can have a fiscal impact, it can also have a reputational impact, breeding an inherent lack of trust amongst your customers.

Through decompiling and reverse engineering, Cerberus Labs reviews the application’s security features, including root detection, certificate pinning, jailbreak detection, and anti-hooking implementations. Our assessments also cover the application’s handling of cryptographic data and storage of sensitive information, as well as mobile-specific features such as client-side authentication, web views, and deep links.

Thick Clients

When we say thick clients, we mean desktop applications that you might find on an operating system, such as Word, Outlook, or Google Chrome. Thick clients can often behave like web applications but are at times very different under the hood and can expose your organisation to a far wider array of attacks.

Our methodology for thick clients starts in much the same way as for mobile applications. Our consultants decompile and reverse engineer the application to understand how it works and to identify any interesting features to examine. Depending on the language or size of the application, we might need to remotely debug it, which allows us to insert breakpoints at specific points in the application’s execution to target specific vulnerable features. A large part of identifying vulnerabilities in thick clients is understanding how the application communicates. This could be IPC or network-based protocols such as HTTP, FIX, WebSockets, or RMI. Proxying or decrypting this communication can be crucial to exploiting an application. We will review any client-side functionality that could be leveraged by an attacker to elevate their privileges on the underlying OS, bypass access controls, or compromise supporting infrastructure.

Static Reviews

Source Code Reviews

Source code reviews can be a great way to identify vulnerabilities that are not immediately apparent through dynamic testing alone. Looking through the code allows us to logically follow intended flows in order to identify potential bypasses or unhandled exceptions. Further to this, it can be quick to identify the use of dangerous functions or insecurely handled input that could lead to remote code execution or other injection-based attacks.

Architecture Review

Security should never be an afterthought. This has been said many times over and continuously proves itself. That is why it can be a good idea to conduct a review of a solution’s high-level design before it is implemented to understand whether the best balance between security and functionality has been struck.

DevOps and Pipeline Assessments

Development pipelines are ever more important in today’s growing need for rapid and continuous software solutions. These pipelines are the source of software products we all use daily and so become a single source of truth. Because of this, they are a high-value target for attackers aiming to conduct supply chain attacks. A compromised DevOps environment can be catastrophic as an attacker can leverage pipeline agents to execute remote commands, capture authentication material used by these agents, or push malicious commits to the source code.

FAQs

What is the process for conducting a penetration test?

A high-level methodology for conducting a security assessment can be found here.

How long does a typical engagement take?

The duration of an engagement depends on the size and complexity of your solution, the scope of the testing, and the specific objectives of the assessment. On average, an engagement can last anywhere from a few days to several weeks. Our team will provide you with a detailed timeline and schedule to ensure minimal disruption to your business operations during the testing process.

What deliverables can we expect from a penetration testing engagement?

At the conclusion of the penetration testing engagement, you will receive a comprehensive PDF report detailing the findings, vulnerabilities discovered, and recommended remediation steps. The report will include an executive summary, technical details of the vulnerabilities identified, risk prioritisation, and actionable recommendations to strengthen your security posture. Our team will also be available to provide guidance and support in implementing the recommended remediation measures.

What is a security assessment, and why do we need it?

Security assessments (penetration tests) are a method of evaluating the security of computer systems, networks, or applications by simulating real-world attacks. They help identify vulnerabilities and weaknesses that malicious actors could exploit. By conducting security assessments, businesses can proactively strengthen their security measures and protect their sensitive data from potential cyber threats.

How can I carry out a security assessment with you?

Get in touch! Use our contact form here and provide us with background and context on the project and we will get back to you to arrange a call.

How often should we conduct penetration testing?

The frequency of testing depends on various factors such as changes in your network infrastructure, the introduction of new systems or applications, regulatory requirements, and the level of risk tolerance within your organisation. Typically, it is recommended to conduct testing at least once a year, but more frequent testing may be necessary for high-risk environments or industries.

Security assessments are flexible and can often benefit from the shift-left approach to software development: conducting smaller, more regular assessments as part of the development lifecycle can help catch vulnerabilities early, before they make it into products or services.