Case Study

Security Testing of the mobile banking application for Malaysia’s largest financial service provider

Assuring Information Security without compromising user experience with our structured Information Security Test Approach.

Business Situation:

Malaysia’s largest financial service provider implemented mobile banking services through a robust mobile application for ios and android devices for customers to perform everything online with their mobile devices This application has to be tested to ensure it is secured against known vulnerabilities and cyber-attacks.

Challenges:

  • The threat landscape of mobile banking is emerging. Key threat vectors include Jailbroken or rooted devises, outdated OS and no secured connections, account take over, cross channel credential theft, attack on the mobile application.
  • Limited tools availability to perform infosec testing especially on the user end device ie. Mobile handset.
  • Limited availability of the talent( Security Testing skills)
  • Possible use of variety of risk based methods of testing

The Solution:

Hastraa designed a testing solution that was encompassing the following
  • Device risk level detection involving use of Jailbroken devices, Outdated Oss , Malware infections and Rogue apps
  • Account takeover detection through persistent device ID
  • Mobile application protection through Harden app to protect the confidentiality of the code and protect the integrity of the app at run time

Benefits for the Customer:

  • Information Security gap identified and mitigation solution incorporated and tested in time to secure the application while conducting the Functional & Performance Testing with incremental cost
  • The comprehensive & integrated testing proved to be cost effective & project deadline was not impacted.
  • Information Security Test Process executed with improvements on the existing process for the organization to use across projects.