Mobile Security

Rapid growth of the smartphone user base and the enhanced computing power of these devices presents a new, ever-widening threat to corporate and personal proprietary information. Intrepidus Group works with many telecommunication providers, their ASPs, and mobile application developers to assess the security of their devices and applications. Our expertise and experience spans BREW, Android, Blackberry, iPhone, and Windows Mobile handsets, and the applications resident on them.

Our consultants are also adept at testing a wide range of backend telecommunications technologies and protocols. We have assessed the security mechanisms of multiple products including PDSNs, BSCs and SMSCs.

Network & Application Penetration Testing

Intrepidus Group can help you understand the risks faced by your networks and applications by performing hands-on penetration tests or vulnerability assessments. Our consultants focus on identifying the practical exploitable vulnerabilities, demonstrate their business impact, classify them based on risk, and provide detailed and understandable technology-specific remediation advice.

Over the years, our proven methodology has consistently evolved to encompass the latest threats and includes:

• Network Range Discovery
• Host and Service Discovery
• Vulnerability Identification
• Manual Testing and Verification
• Unauthenticated Web Vulnerability Testing
• Authenticated Web Application Testing

The purpose of this testing is to identify vulnerabilities in an organizations network and systems, demonstrate their impact on business, classify them based on business impact, provide detailed technology-specific remediation advice, and to test the effectiveness of incident detection mechanisms.

Social Engineering

Attackers are increasingly using social engineering ploys to "break in" to organizations and gain unauthorized access to proprietary information. Intrepidus Group can help you mitigate the risk due this threat by conducting social engineering exercises that emulate the real threat. Additionally, we provide you with a summary of the susceptibility of your employee base as well as a detailed account of the exercise, all of which helps strengthen your user awareness programs. Such engagements entail:

• Email-based, phishing exercises
• Attempts to gain unauthorized physical access
• Telephonic impersonation to glean sensitive information

Intrepidus Group’s consultants begin by designing attack scenarios applicable to your organization. After a scenario is approved, we emulate the attack while assessing the ability of your employees to identify and avoid potential lapses in security through unintentional communication of sensitive data. In doing so, we effectively uncover the likelihood of inadvertent disclosure of confidential information and help avoid system access from an external attacker in the future.

Source Code Review

A security review of source code is aimed at identifying, both, design flaws and implementation bugs that may render your application susceptible to compromise.

Our consultants are capable of reviewing security of applications written in C, C++, Java, .NET, Ruby, and PHP.