Mobile Application Developer - security consultancy & testing
client
Our client is one of the premier developers of WAP applications in their field.
client requirement and business drivers
With a reputation built upon designing, building and hosting, via international portals, world-class interactive WAP and SMS-based applications, our client recognised security as a paramount business concern.
The main business drivers were:
enabling
- the main enabling requirement was the ability to convince potential clients, including the world's largest mobile telephone operators, of the security built into their systems
- closely related was the need to give their investors the same assurance, as investors were frequently raising questions about security
risk reduction
- the primary area of concern was brand protection: our client's own reputation and brand, and also those of their customers, the majority of whom were major global brands and were very sensitive to any public embarrassment arising from a security breach
- some of the applications offered prizes through games and competitions, which raised concerns over fraud
- the interactive nature of the applications meant that in some cases personal data had to be exchanged or stored, which raised data protection concerns
commissum was engaged by the business to deliver a concise risk analysis. The risk analysis gave the business and its investors both a technical and a non-technical view of the potential e-Security vulnerabilities, and provided objective advice on a series of measures to reduce the exposure.
commissum services provided
The commissum approach was in two phases:
- the first phase targeted the security of the hosted network environment, with the aim of identifying any weakness that would enable intrusion, eavesdropping or denial of service
- the second phase focused on the applications themselves: using a combination of known and bespoke attacks, vulnerabilities were probed and, where possible, exploited in an effort to circumvent security, gain access to sensitive information and ultimately simulate defrauding the system
commissum staff provided a series of recommendations on how the security of the applications could be improved by adopting a phased, pragmatic, priority-driven approach, ranging from careful reconfiguration of the existing applications to planned future development work.
By undertaking this exercise our client was able to quantify and define their e-Security exposure and provide reassurance to their investors. The exercise also enabled our client to adopt a risk-based approach to future work that was realistic and appropriate to their organisation.