In recent years, there has been a greater tendency to assess mobile application security as
is a growing market and quickly becoming a prime communication channel between businesses
customers. When an application is developed, the developers do not always have security best
practices in mind and frequently focus only on the functional components of their
Devoteam Cyber Trust proposes to carry out penetration tests that cover the security of clients'
applications installed on mobile devices and of the backend services that support them.
In this sense, Devoteam Cyber Trust proposes a holistic analysis of the mobile application's security.
Devoteam Cyber Trust offers a comprehensive approach to Mobile Testing based on 12+ years of experience
PenTesting. We bring proven best practices to every testing engagement and have delivered
services across 5 continents.
Mobile Testing Activities
Our mobile application testing activities include:
Configuration Management Testing
Business Logic Testing
Data Validation Testing
Web Services Testing
These activities are all based on the OWASP Top 10 Mobile Risks, which provide a solid
foundation for any security analysis.
Considerably reduce security risk levels
Reduce the risks associated with the loss of confidential information
Improve your organisation's credibility and reputation
Direct interaction with our knowledgeable experts who can provide insights into whatever
Why Devoteam Cyber Trust's Mobile Testing Service?
With vast experience in delivering extensive testing solutions across diverse industries, we
have gained unmatched expertise in addressing end-to-end testing requisites that ensure
test scope and enables the performance of software while significantly reducing the risk.
We have in place an excellent team of certified professionals that have more than 12 years
experience in Pen-Testing and will act, according to the scope of the service, as the
Offensive Security Certified Professional (OSCP)
Offensive Security Wireless Professional (OSWP)
GIAC Certified Penetration Tester (GPEN)
eLearnSecurity Mobile Application Penetration Tester (eMAPT)
eLearnSecurity Web application Penetration Tester eXtreme (eWPTX)
Certified Information Systems Security Professional (CISSP)
ISO 27001 Lead Auditor BSI
Certified Information Systems Auditor (CISA)
We would like to emphasize that during the course of a penetration test, tools are usually
as accelerators on the process of identification and exploitation of vulnerabilities,
it is the knowledge and experience of the consultants that allows the achievement of the
effectiveness of the penetration test. Tools by themselves, without adequate
usage and interpretation, do not generate the expected results.
Our team was responsible for porting the iOS introspy security assessment tool to iOS 9,
the current maintainer, have also contributed to other tools such as the needle
There are also complex scenarios in which our team develops plugins or custom-made tools
in order to exploit those scenarios. Our consultants develop these tools and exploits in
C/C++, Assembly, Python, Perl, Ruby, amongst others.
We’ve discovered and published vulnerabilities in major mobile applications and devices,
as iOS, Android, Google, Microsoft, Good For Enterprise and Uber. More information on our
research in mobile security, among others, can be found
Offensive Security projects are customized according to the
needs and aims of our clients. They can be
technical component, processes, people or more
broadly combined context oriented. They can also
be oriented to deal with questions related to
compliance or regulation.
ISO/IEC 27001 is the best-known standard in the
requirements for establishing, implementing,
continually improving an information security
(ISMS) within the context of the organisation.
ISO 27701 provides specific requirements and guidance for continuously establishing,
implementing, maintaining, and improving a Privacy Information Management System (PIMS)
as an extension of the Information Security Management System (ISMS) defined in ISO 27001.
Preparation of a corporate governance model that
adopt and comply with all recommendations and
as policies, accountability frameworks,
monitoring and control
processes and mechanisms) is a pressing concern.
Through the use of Risk Management software,
often will uncover more systemic issues, and
to not only prioritize events by risk, but also
report on those
risks to foster continuous improvement.
IntegrityGRC works with upper levels of
management to ensure
strategies are in place to deal with compliance
they occur before the reputation and integrity
of the company
and its staff are jeopardized.
In order to support organisations, Devoteam Cyber Trust
360º Security Review, a holistic service to
provide current and
multidisciplinary status on the maturity, risks,
of the organisation in different vectors.
IntegrityGRC is a platform that helps
organisations to manage
their processes, risk and compliance in a
structured way. Our
platform creates a close link between the
its management and its operational practice,
control of the Organisation’s Information
Specially designed to meet all 27001
requirements and effectively
support your information security program. 27001
security effectively and helps obtaining
compliance as the result
of this seamless link. It contemplates features
that allow knowing
both the big picture and the details required by
the ISMS, at
Infosec Rating is a Solution that allows you to
manage your third-party risk.
Through this Solution it is possible to support
a continuous process of
improvement and risk reduction, also providing
Companies usually hire Pen-Testing once a year
to test their Security.
At KEEP-IT-SECURE-24 we test your Security in a
and provide you a cost-effective model in a
Managed Service approach.
Given the dynamics that applications and
infrastructures require these
days, testing your Security once a year is a
poor approach to your
company’s Security. Find out about the other
features that make our
It's a dynamic and continuous Consulting Service designed to meet the requirements of ISO 27001. It's supported by the IntegrityGRC Platform to withstand and maintain the desired goal in the Information Security Management context.
The track of Secure Development is composed of
that aim to equip development professionals with
practices, addressing practical cases, common
as well as the best practices to adopt in this
Application development errors are the source of
number of Security vulnerabilities.