The service covers all threat vectors concerning mobile applications on Apple iOS and Google Android. The audits carried out include reverse engineering of the application, application runtime analysis, traffic flow & encryption flaws, insecure storage, code signing, memory protections, API endpoints analysis as well as fuzzing and exploitation. We will test your Android and iPhone mobile applications to make sure they cannot be compromised. We can also include backend servers in the testing.
Our testing methodologies are aligned with the following frameworks: NIST, OWASP Top 10 API as well as SANS Top 25. A lot of the flaws are identical to the ones encountered on web applications, but are exposed through APIs instead. These include user input not being sanitized, clear text transmission of confidential information to server, the possibility to introduce own code and the manipulation of the execution flow.
Learn more about our services and solutions to your cybersecurity challenges and regulatory requirements.