Home Our Solutions Mobile Application Penetration Testing

Mobile Application Penetration Testing

In recent years, there has been a greater tendency to assess mobile application security as it is a growing market and quickly becoming a prime communication channel between businesses and customers. When an application is developed, the developers do not always have security best practices in mind and frequently focus only on the functional components of their applications.

Devoteam Cyber Trust proposes to carry out penetration tests that include the security of client's applications installed on mobile devices and on the backend services that support them. In this sense, Devoteam Cyber Trust proposes a holistic analysis to the mobile application's security.

Devoteam Cyber Trust offers a comprehensive approach to Mobile Testing based on 12+ years of experience in PenTesting. We bring proven best practices to every testing engagement and have delivered our services across 5 continents.

Mobile Testing Activities

Our mobile application testing activities include:

Information Gathering
Configuration Management Testing
Authentication Testing

Session Management
Authorisation Testing
Business Logic Testing

Data Validation Testing
Web Services Testing
AJAX Testing

These activities are all based on the OWASP’s Top 10 Mobile Risks, which provide a solid foundation for any security analysis.

Benefits:

Reduce considerably the security risk levels

Reduce considerably the security risk levels

Reduce the risks associated with the loss of confidential information

Reduce the risks associated with the loss of confidential information

Improve your organisation's credibility and reputation

Improve your organisation's credibility and reputation

Direct interaction with our knowledgeable experts who can provide insights into whatever question

Direct interaction with our knowledgeable experts who can provide insights into whatever question

Why Devoteam Cyber Trust's Mobile Testing Service?

With vast experience in delivering extensive testing solutions across diverse industries, we have gained unmatched expertise in addressing end-to-end testing requisites that ensure complete test scope and enables the performance of software while significantly reducing the risk.

We have in place an excellent team of certified professionals that have more than 12 years of experience in Pen-Testing and will act, according to the scope of the service, as the Security Assessment Team.

Qualifications:

Offensive Security Certified Professional (OSCP)
Offensive Security Wireless Professional (OSWP)
GIAC Certified Penetration Tester (GPEN)

eLearnSecurity Mobile Application Penetration Tester (eMAPT)
eLearnSecurity Web application Penetration Tester eXtreme (eWPTX)

Certified Information Systems Security Professional (CISSP)
ISO 27001 Lead Auditor BSI
Certified Information Systems Auditor (CISA)

We would like to emphasise that during the course of a penetration test, tools are usually used as accelerators on the process of identification and exploitation of vulnerabilities, although, it is the knowledge and experience of the consultants that allows the achievement of the effectiveness of the penetration test. The tools, just by themselves, without the adequate usage and interpretation, do not generate the expected results.

Our team was responsible for porting the iOS introspy security assessment tool to iOS 9, and is the current maintainer, have also contributed to other tools such as the needle framework.

There are also complex scenarios in which, our team develops plugins or custom made tools in order to exploit those scenarios. Our consultants develop this tools and exploits on C/C++, Assembly, Python, Perl, Ruby, amongst others.

We’ve discovered and published vulnerabilities in major mobile applications and devices, such as iOS, Android, Google, Microsoft, Good For Enterprise and Uber. More information on our research in mobile security, among others, can be found here.

Consulting solutions

360º Security
Review

Read more
PenTesting Persistente (MSP)

Cybersecurity newsletter

Do you want to receive our newsletter?

Subscribe here

Contact us.

Headquarters

Edifício Atrium Saldanha
Praça Duque de Saldanha, nº 1, 2º andar
1050-094, Lisboa | Portugal
T: +351 21 33 03 740
E: info@integrity.pt

And we are present in 18 more countries across EMEA.
world map
 




Cookie Consent X

Devoteam Cyber Trust S.A. uses cookies for analytical and more personalized information presentation purposes, based on your browsing habits and profile. For more detailed information, see our Cookie Policy.