New technologies always pose new security risks and mobile computing is no exception. We help you eliminate attack opportunities on your mobile apps with a pentest.
Mobile App Penetration Testing is a process for evaluating the security of mobile applications - app for short. We perform mobile pentesting according to the OWASP Mobile Security Testing Guide. Digital business models, processing of sensitive information and secure handling of interoperability between different APIs make analysis essential.
Our mobile app penetration testers have a background in infrastructure and web penetration testing, a quality that is necessary for mobile app testing because almost every app communicates with a backend system. This expertise is essential because it allows us to test the full spectrum of native apps, hybrid apps, web apps, and progressive web apps.
We ensure that third-party use of user data such as messages, personal data, address books, location and movement profiles is not possible.
Our processes are aligned with the Federal Office for Information Security's (BSI) practical guide for pentests and with the EU's Data Protection Regulation (GDPR).
Basically, the longer our security engineers subject your app to a penetration test, the more meaningful the results. If you have special requirements, we will be happy to make you an individual offer.
The functional scope and security functions must be clearly defined and known for each component of the app. Most apps communicate with interfaces, so appropriate security standards must also be implemented for these API endpoints.
Protecting sensitive data such as user credentials and private information is a focus in mobile security. Data leaks can occur unintentionally in cloud data storage, backups or the keyboard cache. In addition, mobile devices can be more easily lost or stolen.
Cryptography is an essential cornerstone for protecting data stored on mobile devices. However, it is also a category where many things can go wrong, especially if standard conventions are not followed. The category is intended to ensure that a verified app uses cryptography best practices.
The purpose of this category is to ensure confidentiality and integrity of transmitted data between mobile app and remote server. To do this, a mobile app must establish a secure, encrypted channel for network communication using the TLS protocol with adequate TLS settings.
The requirements from this category are intended to ensure that platform components and standard components are used by the app in a secure manner. In addition, the requirements also cover the communication (IPC) between apps.
The goal of this category is to ensure that basic security practices are followed during app development and that the included compiler security features are enabled.
This category covers defense-in-depth measures recommended for apps that contain access to sensitive data or sensitive functionalities. If these measures are not implemented, this does not immediately lead to a vulnerability, but the measures increase the robustness of the app against attacks and reverse engineering.
Our employees regularly publish articles on the subject of IT security