Penetration tests of mobile apps

Mobile devices are now a common part of our personal and professional lives. Aricoma helps companies and institutions run secure mobile services and keep internal and client data secure.

Valid from: 23. 08. 2023

Today, there is almost no IT activity that we are unable to perform from the convenience of our mobile phones. As the number of online users and the volume of data continue to grow, so do the demands on their security. With mobile penetration tests, we help uncover serious flaws in application implementation, system configuration or company policies that could do great damage if exploited by attackers. Our team of ethical hackers searches for security vulnerabilities and simulates attacks on both the application (client) and server side of systems to test their ability to withstand real-world cyberattacks from the external environment.

Penetration testing of mobile applications

We look for bugs in the implementation and help to create secure applications. We offer clients two types of tests: comprehensive and quick.

  • We audit apps for iOS and Android operating systems.
  • We use proprietary methodologies based on the OWASP Mobile Top 10 and the Mobile Application Security Verification Standard (MASVS), augmented with business logic tests and other scenarios drawn from our years of experience.
  • We use manual, automated and semi-automated techniques to uncover vulnerable parts of applications.
  • We analyse both the mobile client portion and the transport layer and server services of the application. We look for potential data leakage, privilege escalation, authentication issues and many other critical areas.
  • We also examine the source code of the application, combining static analysis and automated tools in code reviews to uncover quality or security flaws in the code and the application itself.
  • To accommodate customer needs, we offer two testing options:
    • Comprehensive (full scan): a full penetration test in which all parts of the application are scanned according to the complete methodology.
    • Quick scan: a reduced penetration test in which we focus only on the most important areas of the application and the most common types of vulnerabilities. It usually takes half the workload of a comprehensive test.

Benefits

  • We are one of the most established Czech companies in the field of IT security, with more than 30 years of history.
  • We have over 10 years of experience in the field of mobile application and platform security.
  • Our team consists of specialists with experience from hundreds of mobile projects.
  • We hold eMAPT, OSCP, OSCE, CEH and many other certifications in the field of IT security.
  • We run our own hacking lab for research in mobility and IoT. 
  • We listen to our clients and tailor tests relevant to their needs and time constraints.
  • We follow modern trends in the field of mobile security and IT technologies.
  • We emphasize a manual approach to testing, which leads to the discovery of more bugs, especially in the business logic of applications.

Mobile Device Management (MDM/MAM) audits

We help companies set up effective control mechanisms for the secure use of mobile devices in the corporate environment.

  • We check the configuration of the administration interface against current security standards and practices.
  • We check mobile device settings and configurations according to company policies.
  • We perform penetration testing of mobile applications managed by MDM and used in the corporate container.
  • We consult on BYOD policy settings.

Mobile operating system audits

We analyse and consult on the potential risks associated with the use of specific mobile operating systems, analyse critical areas of those operating systems, and help find secure solutions for the use of mobile devices in the corporate environment.

Other services

To a lesser extent, our teams also specialise in the following mobility services:

Mobile phone audits, where we perform forensic analysis of mobile devices that are likely to be the target of hacker attacks.

  • Analysis of non-standard application or system behaviour.
  • Verification of the presence of malware, possible security vulnerabilities and traces of data leakage from the device.

Penetration testing of IoT devices, where we examine the security of smart mobile devices and smart home solutions that have become an inevitable part of corporate and home networks.

  • Verification of the security of devices connected to the corporate or home network.
  • Analysis of physical security, firmware, communication (including wireless) within the internal network or cloud.
  • Smart home solutions, cameras, cars, routers, intercoms, smart cities and more.