
Risk Management for Mobile Applications

Mobile applications are the front door to your customers and provide access to your services. Since mobile applications process your customers' personal or other sensitive information (e.g. your IP), they deserve the same level of attention as any of your other systems with regard to their resilience against attackers. Even worse: mobile applications may run and rely on uncontrolled and untrustworthy devices, which could be unmaintained or rooted. As a result, regular mobile app security testing should be part of the risk management agenda.

When to assess mobile application security?

Good practice is to test a mobile application at the following points, e.g.

  • after any significant change in the code
  • when the results of the last test are outdated and no longer acceptable
  • with the arrival of new attacks
  • to demonstrate compliance with internal or external requirements, e.g. OWASP, PSD2, PCI or GDPR.

This can be achieved by two different but complementary approaches: automated testing and manual penetration testing.

Automated Mobile Application Security Testing (MAST)

Mobile Application Security Testing can be performed automatically using tools.

We have developed esChecker, a solution that offers a fast and interactive testing facility for the binary release candidate. esChecker can be seamlessly integrated into the CI/CD tool chain to validate that all required protections are available and effective before the mobile application is released. Within one hour, you can determine whether the app meets your security baseline.

Manual Mobile Application Penetration Testing

Mobile app penetration tests start where automated mobile application security testing ends.

The mobile application penetration test analyzes, in depth, the resistance of the implemented protections against real-life attacks. With a penetration test, you gain detailed insight into, and a rating of, the resistance of the mobile application against an attacker.

Both testing approaches, automated and manual testing, are key components of balanced mobile application risk management.

Security testing customized to your requirements and needs

We perform mobile application security testing tailored to your needs and requirements. For this, we may take into account your own and third-party requirements with which you need to demonstrate compliance, e.g.

  • your customers' and business partners' requirements,
  • industry requirements (e.g. PCI, EMVCo, American Express, Mastercard and Visa requirements),
  • best practices (e.g. OWASP) or
  • legal requirements (GDPR, regulatory).

Alternatively, we go beyond compliance requirements and perform an in-depth penetration test to determine the resilience of your mobile app against attackers and the risk of a compromise.

Automated Mobile Application Security Testing

Interested in automated verification of protections in your mobile application and integration in your CI/CD?

Advanced Mobile App Penetration Testing

Are you looking for an in-depth mobile application penetration test to determine the risk of being compromised?

Advanced Backend Penetration Testing

A vulnerability in the mobile application API could correspond to a vulnerability in the backend.

Further your knowledge and learn new techniques

We share knowledge through our esCoaching training solution, which provides a pathway from Android and iOS basics to advanced attacker techniques.

Coaching on Mobile Applications Security

Our mission is to stay at the forefront of attack techniques and to share our knowledge with our customers so that they stay secure, as security is everybody's concern.

Novice
Static Analysis of an Android application
Coach: Tiana Razafindralambo
This module mainly focuses on static analysis of an Android application. It is split into two parts: the first focuses on static analysis of the Java code, and the second on the native code. During this module, you will learn how to find entry points from which further analyses can be performed, from the Java code to the native code. Different techniques and tools will be demonstrated so you can practice.

Novice
Code Review of ARM Assembly Code
Coach: Tiana Razafindralambo
This module is dedicated to learning how to review ARM assembly code using reverse engineering tools such as IDA or Ghidra.

Intermediate
Dynamic Analysis of an iOS application
Coach: Tiana Razafindralambo, Yorick Lesecque
In this module, you will learn dynamic analysis techniques for understanding the inner workings of an iOS application. You will see the different steps of analysing an application at runtime, from the repackaging process of an application to the use of an instrumentation framework.


Blog Articles

Software Security

iOS Crackme: an efficient way to learn by doing

Edit by Lesecque Yorick Sep 30, 2020
© eShard 2021. All rights reserved