We identify vulnerabilities and attack paths in the mobile app that can be exploited to gain access to critical information. The complexity of an attack and the resiliency of a mobile app are measured in days, which is a key determinant of the actual risk. Another is the nature of the attack: whether it is limited to a single device, e.g. because it assumes physical access to the device, or whether it can be mounted remotely.
Attacks with remote access to the device or the mobile app require particular attention, because they can be applied to a large number of devices at a time, entailing the risk of a compromise at scale.
We perform penetration tests and consider the specific threats to mobile apps on iOS or Android platforms, such as:
For that, we use advanced tools and apply state-of-the-art techniques to gain access to the assets, e.g. personal data, banking account and payment data, health data, cryptographic keys, tokens, code, etc. Depending on the objectives, we consider solely the mobile app binary (black box) or the binary in combination with its security design (gray box) and/or source code (white box).
A penetration test typically includes Reverse Engineering techniques such as:
to analyze the code and tamper with the mobile app, at rest and at runtime.
Like real attackers, we use an arsenal of tools such as Apktool, JADX, JEB, QEMU, Unicorn, Ghidra, Frida, IDA Pro, angr, etc. to disable the various security protections and gain access to the assets.
To analyze the resilience of a mobile app or a component (SDK or software protection tool) against an advanced attacker, we perform a penetration test in a team: depending on the specific skills required, the pentesters are supported by a team of experts in other subject matters.
We have a proven track record in Security Testing and Reverse Engineering of: