Penetration tests of mobile apps
Mobile devices are now a common part of our personal and professional lives. Aricoma helps companies and institutions run secure mobile services and keep internal and client data secure.
Penetration testing of mobile applications
We look for bugs in the implementation and help to create secure applications. We offer clients two types of tests: comprehensive vs. quick.
- We audit apps for iOS and Android operating systems.
- We use proprietary methodologies based on the OWASP Mobile Top10 and Mobile Application Security Verification Standard (MASVS), augmented with business logic tests and other scenarios drawn from our years of experience.
- We use manual, automated and semi-automated techniques to uncover vulnerable parts of applications.
- We analyse both the mobile client portion and the transport layer and server services of the application. We look for potential data leakage, privilege escalation, authentication issues and many other critical areas.
- We also examine the source code of the application, where we use a combination of static analysis and automated tools to perform code reviews to uncover quality or security flaws in the code and the application itself.
- To accommodate customer needs, we offer two testing options:
- Comprehensive (full scan): a full penetration test in which all parts of the application are scanned according to the complete methodology.
- Quick scan: a reduced penetration test in which we focus only on the most important areas of the application and the most common types of vulnerabilities. Usually with half the workload of comprehensive tests.
Benefits
- We are one of the most established Czech companies in the field of IT security, with more than 30 years of history
- We have over 10 years of experience in the field of mobile application and platform security.
- Our team consists of specialists with experience from hundreds of mobile projects.
- We hold eMAPT, OSCP, OSCE, CEH and many other certifications in the field of IT security.
- We run our own hacking lab for research in mobility and IoT.
- We listen to our clients and tailor tests relevant to their needs and time constraints.
- We follow modern trends in the field of mobile security and IT technologies.
- We emphasize a manual approach to testing leading to the discovery of more bugs especially in the business logic of applications.
Mobile Device Management (MDM/MAM) audits
We help companies set up effective control mechanisms for the secure use of mobile devices in the corporate environment.
- We check the configuration of the administration interface against current security standards and practices.
- We check mobile device settings and configurations according to company policies.
- We perform penetration testing of mobile applications managed by MDM and used in the corporate container.
- We consult on BYOD policy settings.
Mobile operating system audits
We analyse and consult on the potential risks associated with the use of specific mobile operating systems and help find secure solutions for the use of mobile devices in the corporate environment. We analyse critical areas of operating systems. We consult on possible solutions for the safe use of mobile devices in the corporate environment.
Other services
Marginally, our teams also specialise in the following mobility services:
Mobile phone audits, where we perform forensic analysis of mobile devices that are likely to be the target of hacker attacks.
- Analysis of non-standard application or system behaviour.
- Verification of the presence of malicious malware, possible security vulnerabilities and traces of data leakage from the device.
Penetration testing of IoT devices, where we examine the security of smart mobile devices and smart home solutions that have become an inevitable part of corporate and home networks.
- Verify the security of devices connected to the corporate or home network.
- Analysis of physical security, firmware, communication (including wireless) within the internal network or cloud.
- Smart home solutions, cameras, cars, routers, intercoms, smart cities and more.
DO NOT HESITATE TO
CONTACT US
Are you interested in more information or an offer for your specific situation?