Pentesting - Mobile App

Mobile applications do not operate standalone: they are the front door and user interface to a backend ecosystem, and they often run on uncontrolled and untrusted devices (e.g. not maintained or deliberately rooted). Mobile applications therefore require special attention with regard to their robustness, their protection and the scalability of attacks against them.

Customized mobile application penetration testing is an art

eShard’s security experts performing the penetration tests apply real-life attacks, as if they were performed by an adversary. The penetration testers identify and combine seemingly inconspicuous vulnerabilities to develop exploitable attack paths into the target system and to core assets such as personal data, banking account data, health data, etc. Customized penetration testing requires state-of-the-art knowledge, experience, imagination, creativity and intuition, like any other art.

MA penetration tests require expertise and experience

To analyse the complexities of a system in depth, eShard performs penetration tests in a team and as a company: depending on the required skill set, the pentest is performed by a team of experts in e.g. cryptography or reverse engineering. They have a track record in security testing of ATMs, IoT, healthcare devices, SmartCards, ICs, Banking & Payment environments. Our pentest team members dedicate a significant amount of their time to research, which enables us to provide state-of-the-art services.

How to validate mobile application security?

The mobile application penetration test is performed by eShard team members who analyze the implementation and test attack paths. Since this is a time-consuming activity, eShard recommends performing MA PTs regularly (e.g. once a year) or whenever there is a significant change in the MA (e.g. new tools, major redesign). A good security policy is to test every in-between update of a mobile application with automated SAST, DAST and IAST mobile application security testing tools like esChecker, to make sure that all protections are in place and working as intended.

Mobile application penetration test as a service

The customized mobile application penetration test with eShard does not stop with a report and support during remediation. We provide additional recommendations, e.g. on development and deployment processes, to improve those processes. eShard delivers its penetration testing projects using the PMI PMBOK methodology.

What are the must-haves of a mobile application penetration test?

Key to the success of any pentest is a well-defined scope and agreement on prerequisites. Wrong scoping carries a significant risk of devaluing the results, or may result in wasted time and extra costs. Real-world attackers don’t care about the scope of testing (or its time limits). Determining and agreeing on the scope is key to a successful and valuable penetration test.

eShard makes sure that the scope is reasonable and agreed before the actual project starts, in accordance with the PMI PMBOK project management methodology.

Interested in advancing your knowledge and applying state-of-the-art attack techniques yourself?

eShard shares its knowledge within its esCoaching training solution, which provides a pathway from Android and iOS basics to advanced techniques. Our mission is to stay at the forefront of security in software and ICs and to share the knowledge that enables customers to take preventive action themselves and enhance the protections built into their applications.

© eShard 2021. All rights reserved