Security and performance testing for an enterprise mobile app for an American multinational management consulting firm - a Fortune 500 company.

According to the client security policy, the event management application should be strict on its application security front. It has been asked to deliver the solution with high level encryption for the data security. Web Services exposing the data towards the native mobile applications should use the same encryption while transmitting and communicating the data.

What we did

Scan the website and server using Accunetix tool and verifies the threats at the development level.
Manual threat investigations done to confirm the exploits in the application. Also, for the mobile applications, we used third party tools in order to verify the data security.
Highlight server and application vulnerability issues to fix as possible.

Solution Highlights

At the server side, data at rest on the server made protected with the help of disk level encryption offered by AWS EC2 instances.
At the device level, custom instrumentation had implemented to encrypt and decrypt data locally stored on device. Strong encryption algorithm like [AES 256-bit] used to encrypt the data.
Encryption of data in transit had implemented by using TLS (HTTPS) in all communications between the back-end server system and mobile devices or desktop browsers.