Mobile Applications
Mobile apps are everyday companions. But what is their security posture? Is data stored and processed securely? Find out with us.
During this assessment, our ethical hackers evaluate your mobile application for vulnerabilities and misconfigurations.
The assessment is typically conducted remotely.
Example test objects:
We test your iOS application natively on our testing devices. To analyze your app with full disk and operating system access, we use "jailbroken" devices to perform our assessment.
We test your Android application natively on our testing devices. Rooted Android devices with full system access are used for this analysis.
76% of all mobile applications save their data insecurely. ¹
Often the risk does not stem from a single vulnerability, but from multiple smaller issues that allow for severe attacks when they are combined. ²
89% of attacks do not require physical access to the mobile device and can be carried out through malware or other channels. ³
During this penetration test we perform a comprehensive security assessment of your mobile application(s) (iOS / Android). Further, we analyze the underlying communication between the mobile client device and your backend services.
In the first part of our test, we identify common application vulnerabilities in your mobile application. These are, for example, insecure data storage, insecure authentication or weaknesses in the communication channel used.
In the second step, we examine your mobile application from the perspective of regular application users with valid test accounts. In this context, we identify vulnerabilities in the application logic as well as horizontal and vertical privilege escalations, that is, the ability of a user to access other users' data or functions without the required privileges.
Finally, we analyze the backend services of your mobile application. In this section, we specifically look for security vulnerabilities in areas such as authentication, input validation, authorization and session management, as well as cryptography and message integrity.
Testing as an external attacker without additional information
Testing with valid credentials
Testing with credentials and access to the source code
2 - Own statistics from our client assessments
3 - TBD