Auditing Solutions

HOME OUR SOLUTIONS MOBILE APPLICATION PENETRATION TESTING

MOBILE APPLICATION PENETRATION TESTING


In recent years, there has been a greater tendency to assess mobile application security as it is a growing market and quickly becoming a prime communication channel between businesses and customers. When an application is developed, the developers do not always have security best practices in mind and frequently focus only on the functional components of their applications.

INTEGRITY proposes to carry out penetration tests that include the security of client applications installed on mobile devices and of the backend services that support them. In this sense, INTEGRITY proposes a holistic analysis to the mobile application's security.

INTEGRITY offers a comprehensive approach to Mobile Testing based on 12+ years of experience in PenTesting. We bring proven best practices to every testing engagement and have delivered our services across 5 continents.


MOBILE TESTING ACTIVITIES


Our mobile application testing activities include:

Information Gathering
Configuration Management Testing
Authentication Testing

Session Management
Authorization Testing
Business Logic Testing

Data Validation Testing
Web Services Testing
AJAX Testing

These activities are all based on the OWASP’s Top 10 Mobile Risks, which provide a solid foundation for any security analysis.

Benefits:

Reduce considerably the security risk levels

Reduce the risks associated with the loss of confidential information

Improve your organisation's credibility and reputation

Direct interaction with our knowledgeable experts who can provide insights into whatever question

WHY INTEGRITY'S MOBILE TESTING SERVICE?


With vast experience in delivering extensive testing solutions across diverse industries, we have gained unmatched expertise in addressing end-to-end testing requisites that ensure complete test scope and enables the performance of software while significantly reducing the risk.

We have in place an excellent team of certified professionals that have more than 12 years of experience in Pen-Testing and will act, according to the scope of the service, as the Security Assessment Team.


Qualifications:

Offensive Security Certified Professional (OSCP)
Offensive Security Wireless Professional (OSWP)
GIAC Certified Penetration Tester (GPEN)

eLearnSecurity Mobile Application Penetration Tester (eMAPT)
eLearnSecurity Web application Penetration Tester eXtreme (eWPTX)

Certified Information Systems Security Professional (CISSP)
ISO 27001 Lead Auditor BSI
Certified Information Systems Auditor (CISA)


We would like to emphasize that during the course of a penetration test, tools are usually used as accelerators on the process of identification and exploitation of vulnerabilities, although, it is the knowledge and experience of the consultants that allows the achievement of the effectiveness of the penetration test. The tools, just by themselves, without the adequate usage and interpretation, do not generate the expected results.

Our team was responsible for porting the iOS introspy security assessment tool to iOS 9, and is the current maintainer, have also contributed to other tools such as the needle framework.

There are also complex scenarios in which, our team develop plugins or custom made tools in order to exploit those scenarios. Our consultants develop this tools and exploits on C/C++, Assembly, Python, Perl, Ruby, amongst others.

We’ve discovered and published vulnerabilities in major mobile applications and devices, such as iOS, Android, Google, Microsoft, Good For Enterprise and Uber. More information on our research in mobile security, among others, can be found here.


CONTACTS

Portugal

Av. João Crisóstomo, n.º 30, 5º
1050-127, Lisboa | Portugal
T: +351 21 33 03 740
E: info@integrity.pt

United Kingdom

Suite 4B
43 Berkeley Square
Mayfair, Westminster
London, W1J 5FJ | United Kingdom
T: +44 20 3318 0800