Platform for Experts 
Reconciling how and how in a single and collaborative platform empowering experts.
SOLUTIONS

  • > Side Channel Analysis

    Ready-to-use side channel tools to assess cryptography algorithms.

  • > Laser & EM Fault Injection

    Make sure your chip withstands different techniques of physical fault injections.

  • > Firmware Security Analysis

    Qualify embedded code binaries without physical devices and benches.

  • > Security Failure Analysis

    Photoemission analysis to explore internal information in a chip.

  • > Vulnerability Research

    Dynamic analyses at a system level for investigating potential vulnerabilities.

TECHNOLOGIES

  • > Data Science Platform

    esDynamic is a complete data focused platform to leverage the know-how of your team for complex analyses.

  • > esFirmware Engine

    Assess the security of the firmware of IoT devices against logical and physical attacks.

  • > REVEN Engine

    Record and replay vulnerability researches within reverse engineering processes and tools.

PROFESSIONAL SERVICES

  • > Cybersecurity Training

    Grow your expertise with training modules driven by a coach.

Mobile & Backend Security Testing 
⬇️ Get the full report of the Security Benchmark of the Top 100 European Banking Apps.
EXPERTISE

  • > Mobile App Security

    Know the threats and risks of your Mobile App.

  • > DevSecOps

    Integrate the security protections verification in your CI/CD pipeline.

SOLUTIONS

  • > Automated Mobile App Security Testing

    esChecker SaaS: automating the security testing of your mobile app binary.

  • > Mobile App Penetration Testing

    Testing the resiliency of your Mobile App, SDK or RASP tool.

  • > Backend Penetration Testing

    Testing the resiliency of your Web App, API or Backend Systems.

PROFESSIONAL SERVICES

  • > Coaching for Mobile App Developers

    Providing insights into the mobile app threats and how attackers work by a learning-by-doing approach.

Our Company 
October is Cybersecurity Awareness Month - and our team of Software Security will be at a few events.
OUR COMPANY

  • > Our offices

  • > Events

CARREERS

  • > Meet our experts

  • > Open positions

    Join our team!

FOLLOW US
Blog
Contact us
eShard
/
Risk Management For Mobile Applications

Risk Management for Mobile Applications

Mobile applications are the front door to your customers and provide access to your services. Since mobile applications process your customer’s personal or other sensitive information (e.g. your IP), they deserve the same level of attention as any other of your system in regard to their resiliency to attackers. Even worse: mobile applications may run and rely on uncontrolled and untrustworthy devices which could be unmaintained or rooted. As a result, regular mobile app security testing should be part of the risk management agenda.
Contact an expert

When to assess mobile application security?

There are some good practices when to test a mobile application, e.g.

  • after any significant change in the code
  • when results of last test are outdated and no longer acceptable
  • with the arrival of new attacks
  • to demonstrate compliance with internal or external requirements, e.g. OWASP, PSD2, PCI or GDPR.

This can be achieved by two different, but complementing approaches: automated testing and manual penetration testing.

Automated Mobile Application Security Testing (MAST)

Mobile Application Security Testing can be performed automatically using tools.

We have developed esChecker, a solution that offers a fast and interactive testing facility for the binary release candidate. esChecker can be seamlessly integrated into the CI/CD tool chain to validate that all protections required are available and effective before releasing the mobile application. Within one hour, you can determine that the app is meeting your security baseline.

Learn more

Manual Mobile Application Penetration Testing

Mobile app penetration tests start where automated mobile application security testing ends.

The mobile application penetration test analyzes the resistance of the implemented protections against real-life attacks and in-depth. With a penetration test, you gain detailed insights into and a rating of the resistance of the mobile application against an attacker.

Both testing approaches, automated and manual testing, are key components of balanced mobile applications risk management.

Learn more

Security testing customized to your requirements and needs

We perform mobile application security testing tailored to your needs and requirements. For this, we may take your and third-party requirements into account, e.g.

  • your customer’s and business partner’s requirements,
  • industry requirements (e.g. PCI, EMVCo, American Express, Mastercard and Visa requirements),
  • best practices (e.g. OWASP) or
  • legal requirements (GDPR, regulatory), to demonstrate your compliance with.

Or, we go beyond compliance requirements and perform an in-depth penetration test to determine the resiliency of your mobile app against attackers and risk of a compromise.

Request a free demo

Automated Mobile Application Security Testing

Interested in automated verification of protections in your mobile application and integration in your CI/CD?

Learn more about esChecker
Advanced Mobile App Penetration Testing

Are you looking for an in-depth mobile application penetration test to determine the risk of being compromised?

Learn about our solution
Advanced Backend Penetration Testing

A vulnerability in the mobile application API could correspond to a vulnerability in the backend.

Learn about our solution
Further your knowledge and learn new techniques

We share knowledge within our esCoaching training solution which provides a pathway from the Android and iOS basics to the advanced attacker techniques.

See more details

Coaching on Mobile Applications Security

Our mission is about staying at the forefront in attack techniques and sharing our knowledge with our customers to stay secure, as security is a concern of everybody.
Novice
Code Review of ARM Assembly Code
Coach: Tiana Razafindralambo
This module is dedicated to learning how to review ARM assembly code using reverse engineering tools such as IDA or GHIDRA.
See more details
Novice
Static Analysis of an Android application
Coach: Tiana Razafindralambo
This module mainly focuses on static analysis of an Android application. It is split in two parts: the first one focuses on the static analysis of the java code, and the second one on the native code. During this module, you will learn how to find entry points from where one can perform further analyses from the Java code to the Native one. Different techniques and tools will be demonstrated so you can practice.
See more details
Intermediate
Dynamic Analysis of an Android application
Coach: Tiana Razafindralambo
This modules focuses on dynamic analysis techniques. It is split in two parts: the first one is focused on tools and techniques that can be used for the Java code, and the second one for the native code. Trainees will learn how to debug an application using different alternatives, and also how to instrument the code using FRIDA.
See more details

Interested?

Request a free demo

Blog Articles

Software Security

iOS Crackme: an efficient way to learn by doing

7 min read
Edit by Lesecque Yorick Sep 30, 2020
CopyRights eShard 2022.
All rights reserved
Privacy policy | Legal Notice
PLATFORM FOR EXPERTS
Side Channel AnalysisLaser & EM Fault InjectionFirmware Security AnalysisSecurity Failure AnalysisVulnerability Research
SOLUTIONS FOR IC
Data Science PlatformesFirmware EngineREVEN Engine
MOBILE APP SECURITY TESTING
Automated Mobile App Security TestingPenetration Testing for Backend and WebAppPenetration Testing for Mobile ApplicationsDevSecOps
PROFESSIONAL SERVICES
Cybersecurity Training
COMPANY
About usJoin our team!EventsBlog