Mobile Applications

Mobile apps are everyday companions. But how strong is their security posture? Is data stored and processed securely? Find out with us.

Scope of the pentest

During this assessment, our ethical hackers evaluate your mobile application for vulnerabilities and misconfigurations.
The assessment is typically conducted remotely.

Example test objects:

iOS

We test your iOS application natively on our testing devices. To analyze your app with full disk and operating system access, we use "jailbroken" devices to perform our assessment.

Android

We test your Android application natively on our testing devices. Rooted Android devices with full system access are used for this analysis.

76% of all mobile applications save their data insecurely. ¹

Often the risk does not stem from a single vulnerability but from multiple smaller issues that allow severe attacks when combined. ²

89% of attacks do not require physical access to the mobile device and can be carried out through malware or other channels. ³

Penetration test of mobile applications

Our approach

During this penetration test, we perform a comprehensive security assessment of your mobile application(s) (iOS / Android). We also analyze the underlying communication between the mobile client device and your backend services.

In the first part of our testing, we identify common vulnerabilities in mobile applications. These include, for example, insecure data storage, insecure authentication, or weaknesses in the communication channel used.

In the second step, we evaluate your mobile application from the perspective of regular users with valid test accounts. In this context, we identify vulnerabilities in the application logic as well as horizontal and vertical privilege escalations.

Finally, we analyze the backend services of your mobile application. In this step, we specifically look for security vulnerabilities in areas such as authentication, input validation, authorization, and session management, as well as cryptography and message integrity.

In summary, all tests described in the OWASP Mobile Security Testing Guide (MASTG) are performed.

This test focuses on identifying vulnerabilities listed in the OWASP Mobile Top 10. Our test results will provide you with insight into the security status of your mobile application(s). Using the documented results, we will help you improve your application’s resilience against attacks or verify the effectiveness of security solutions you have already implemented.

Testing types

Black-Box

Testing as an external attacker without additional information

Grey-Box

Testing with valid credentials

White-Box

Testing with credentials and access to the source code

Standards and Qualifications

We follow recognized international standards for our pentest procedure.

Our penetration testers are highly qualified and hold several recognized hacking certifications.