
Mobile Applications

Mobile apps are everyday companions. But what is their security posture? Is data stored and processed securely? Find out with us.

Scope of the pentest

During this assessment, our ethical hackers evaluate your mobile application for vulnerabilities and misconfigurations.
The assessment is typically conducted remotely.

Example test objects:

iOS

We test your iOS application natively on our testing devices. To analyze your app with full disk and operating system access, we use "jailbroken" devices to perform our assessment.

Android

We test your Android application natively on our testing devices. Rooted Android devices with full system access are used for this analysis.

Penetration test of mobile applications

Our approach

During this penetration test we perform a comprehensive security assessment of your mobile application(s) (iOS / Android). Further, we analyze the underlying communication between the mobile client device and your backend services.

In the first part of our test, we identify common application vulnerabilities in your mobile application. These are, for example, insecure data storage, insecure authentication or weaknesses in the communication channel used.

In the second step, we examine your mobile application from the perspective of regular application users with valid test accounts. In this context, we identify vulnerabilities in the application logic as well as horizontal and vertical privilege escalations, that is, ways for a user to access other users' data or functions without the required privileges.

Finally, we analyze the backend services of your mobile application. In this section, we specifically look for security vulnerabilities in areas such as authentication, input validation, authorization and session management, as well as cryptography and message integrity.


In summary, all tests described in the OWASP Mobile Testing Guide are performed.

The focus of this test is to identify vulnerabilities that are listed in the OWASP Mobile Top 10. Through our test results, you will gain insight into the security posture of your mobile application(s). With the pentest's results, we will help you improve your resistance to attacks or verify the effectiveness of security mitigations you have already implemented.

Testing types

Black-Box

Testing as an external attacker without additional information

Grey-Box

Testing with valid credentials

White-Box

Testing with credentials and access to the source code

Standards and qualifications

We follow recognized international standards for our pentest procedure.

Our penetration testers are highly qualified and hold several recognized hacking certifications.