In recent years, there has been a greater tendency to assess mobile application security as it
is a growing market and quickly becoming a prime communication channel between businesses and
customers. When an application is developed, the developers do not always have security best
practices in mind and frequently focus only on the functional components of their applications.
INTEGRITY proposes to carry out penetration tests that include the security of client
installed on mobile devices and of the backend services that support them. In this sense,
proposes a holistic analysis to the mobile application's security.
INTEGRITY offers a comprehensive approach to Mobile Testing based on 12+ years of experience in
PenTesting. We bring proven best practices to every testing engagement and have delivered our
services across 5 continents.
MOBILE TESTING ACTIVITIES
Our mobile application testing activities include:
Configuration Management Testing
Business Logic Testing
Data Validation Testing
Web Services Testing
These activities are all based on the OWASP’s Top 10 Mobile Risks, which provide a solid
foundation for any security analysis.
Reduce considerably the security risk levels
Reduce the risks associated with the loss of confidential information
Improve your organisation's credibility and reputation
Direct interaction with our knowledgeable experts who can provide insights into whatever question
WHY INTEGRITY'S MOBILE TESTING SERVICE?
With vast experience in delivering extensive testing solutions across diverse industries, we
have gained unmatched expertise in addressing end-to-end testing requisites that ensure complete
test scope and enables the performance of software while significantly reducing the risk.
We have in place an excellent team of certified professionals that have more than 12 years of
experience in Pen-Testing and will act, according to the scope of the service, as the Security
Offensive Security Certified Professional (OSCP)
Offensive Security Wireless Professional (OSWP)
GIAC Certified Penetration Tester (GPEN)
eLearnSecurity Mobile Application Penetration Tester (eMAPT)
eLearnSecurity Web application Penetration Tester eXtreme (eWPTX)
Certified Information Systems Security Professional (CISSP)
ISO 27001 Lead Auditor BSI
Certified Information Systems Auditor (CISA)
We would like to emphasize that during the course of a penetration test, tools are usually used
as accelerators on the process of identification and exploitation of vulnerabilities, although,
it is the knowledge and experience of the consultants that allows the achievement of the
effectiveness of the penetration test. The tools, just by themselves, without the adequate
usage and interpretation, do not generate the expected results.
Our team was responsible for porting the iOS introspy security assessment tool to iOS 9, and
the current maintainer, have also contributed to other tools such as the needle framework.
There are also complex scenarios in which, our team develop plugins or custom made tools in
order to exploit those scenarios. Our consultants develop this tools and exploits on C/C++,
Assembly, Python, Perl, Ruby, amongst others.
We’ve discovered and published vulnerabilities in major mobile applications and devices, such
as iOS, Android, Google, Microsoft, Good For Enterprise and Uber. More information on our
research in mobile security, among others, can be found
Av. João Crisóstomo, n.º 30, 5º
1050-127, Lisboa | Portugal
T: +351 21 33 03 740
43 Berkeley Square
London, W1J 5FJ | United Kingdom
T: +44 20 3318 0800
Calle Edgar Neville, 6
28020, Madrid | España
T: +34 91 73 73 417
Audit projects are customized according to the needs and aims
of our clients. They can be oriented either towards the technical
components, processes, people or more broadly combined contexts.
They can also be oriented to deal with questions related to
compliance or regulation.
INTEGRITY proposes to carry out penetration tests that include
the security of client applications installed on mobile devices
and of the backend services that support them. In this sense,
INTEGRITY proposes a holistic analysis to the mobile
ISO/IEC 27001 is the best-known standard in the family providing
requirements for establishing, implementing, maintaining and
continually improving an information security management system
(ISMS) within the context of the organisation.
Preparation of a corporate governance model that will help
adopt and comply with all recommendations and demands (such
as policies, accountability frameworks, monitoring and control
processes and mechanisms) is a pressing concern.
Through the use of Risk Management software, organizations will
often will uncover more systemic issues, and allow companies
to not only prioritize events by risk, but also report on those
risks to foster continuous improvement.
IntegrityGRC works with upper levels of management to ensure
strategies are in place to deal with compliance problems when
they occur before the reputation and integrity of the company
and its staff are jeopardized.
In order to support organisations, INTEGRITY introduces INTEGRITY
360º Security Review, a holistic service to provide current and
multidisciplinary status on the maturity, risks, and vulnerabilities
of the organisation in different vectors.
IntegrityGRC is a platform that helps organisations to manage
their processes, risk and compliance in a structured way. Our
platform creates a close link between the Security organisation,
its management and its operational practice, providing full
control of the Organisation’s Information Security Management.
Specially designed to meet all 27001 requirements and effectively
support your information security program. 27001 Manager operates
security effectively and helps obtaining compliance as the result
of this seamless link. It contemplates features that allow knowing
both the big picture and the details required by the ISMS, at
Infosec Rating is a Solution that allows you to manage your third-party risk.
Through this Solution it is possible to support a continuous process of
improvement and risk reduction, also providing analytical information
Companies usually hire Pen-Testing once a year to test their Security.
At KEEP-IT-SECURE-24 we test your Security in a continuously way
and provide you a cost-effective model in a Managed Service approach.
Given the dynamics that applications and infrastructures require these
days, testing your Security once a year is a poor approach to your
company’s Security. Find out about the other features that make our
The track of Secure Development is composed of different modules
that aim to equip development professionals with safe code
practices, addressing practical cases, common vulnerabilities,
as well as the best practices to adopt in this context.
Application development errors are the source of a considerable
number of Security vulnerabilities.