Mobile Application Penetration Testing
Why Mobile Application Penetration Testing?
- Compliance regulations may require regular pen testing
- Customers and partners may require proof of regular pen testing
- Proactive security investment instead of reactive repair costs
- Avoid legal action and reputational damage following a breach
The service covers all threat vectors concerning mobile applications on Apple iOS and Google Android. The audits include reverse engineering of the application, application runtime analysis, traffic flow and encryption flaws, insecure storage, code signing, memory protections, and API endpoint analysis, as well as fuzzing and exploitation. We will test your Android and iPhone mobile applications to make sure they cannot be compromised. We can also include backend servers in the testing.
Our testing methodologies are aligned with the following frameworks: NIST, OWASP Top 10 API, and SANS Top 25. Many of the flaws are identical to those encountered in web applications, but are exposed through APIs instead. These include unsanitized user input, cleartext transmission of confidential information to the server, the possibility of introducing one's own code, and manipulation of the execution flow.
- Consultants with 10+ years of ethical hacking experience
- Consultants certified to the highest levels, such as OSCP, OSCE, OSWE, GIAC
- Experience across all industry and government sectors
- We are an independent third party concerned with finding & fixing flaws
- No conflict of interest. We are not embedded with HW/SW vendors
- Dedicated Red Team approach with specialists in all technologies