eShard’s security experts perform penetration tests by applying real-life attacks, as an adversary would. The penetration testers identify and combine seemingly inconspicuous vulnerabilities to develop exploitable attack paths into the target system and to core assets such as personal data, banking account data, health data etc. Customized penetration testing requires state-of-the-art knowledge, experience, imagination, creativity and intuition, like any other art.
To analyse the complexities of a system in depth, eShard performs penetration tests in a team and as a company: depending on the required skill set, the pentest is performed by a team of experts in, for example, cryptography or reverse engineering. They have a track record in security testing of ATMs, IoT, healthcare devices, SmartCards, ICs, and Banking & Payment environments. Our pentest team members dedicate a significant amount of their time to research, which enables us to provide state-of-the-art services.
The mobile application penetration test is performed by eShard team members who analyze the implementation and test attack paths. Since this is a time-consuming activity, eShard recommends performing mobile application penetration tests regularly (e.g. once a year) or whenever there is a significant change in the mobile application (e.g. new tools, major redesign). A good security policy is to test every in-between update of a mobile application with automated SAST, DAST and IAST mobile application security testing tools like esChecker, to make sure that all protections are in place and available as desired.
The customized mobile application penetration test with eShard does not stop with a report and support during remediation. We provide additional recommendations, e.g. on how to enhance development and deployment processes. eShard delivers its penetration testing projects using PMI PMBOK methodology.
Key to the success of any pentest is a well-defined scope and agreement on prerequisites. Wrong scoping carries a significant risk of devaluing the results, or it may result in a waste of time and extra costs. Real-world attackers don’t care about the scope of testing (or about time). Determining and agreeing on the scope is key to a successful and valuable penetration test.
eShard makes sure that scope is reasonable and agreed before the actual project starts, in accordance with PMI PMBOK project management methodology.
eShard shares its knowledge about within its esCoaching training solution, which provides a pathway from the Android and iOS basics to the advanced techniques. Our mission is to stay at the forefront of security in software and ICs and to share the knowledge that enables customers to take preventive action themselves and enhance the protections built into their applications.