Risk Management for Mobile Applications

Mobile applications are the front door to your customers and provide access to your services. Since mobile applications process your customers’ personal data or other sensitive information (e.g. your IP), they deserve the same level of attention as any of your other systems with regard to their resilience against attackers. Even worse: mobile applications may run on and rely on uncontrolled and untrustworthy devices, which could be unmaintained or rooted. As a result, regular mobile app security testing should be part of the risk management agenda.

When to assess mobile application security?

Good practice is to test a mobile application at certain points, e.g.

  • after any significant change in the code
  • when the results of the last test are outdated and no longer acceptable
  • with the arrival of new attacks
  • to demonstrate compliance with internal or external requirements, e.g. OWASP, PSD2, PCI or GDPR.

This can be achieved by two different but complementary approaches: automated testing and manual penetration testing.

Automated Mobile Application Security Testing (MAST)

Mobile Application Security Testing can be performed automatically using tools.

We have developed esChecker, a solution that offers a fast and interactive testing facility for the binary release candidate. esChecker can be seamlessly integrated into the CI/CD tool chain to validate that all required protections are available and effective before the mobile application is released. Within one hour, you can determine whether the app meets your security baseline.

Manual Mobile Application Penetration Testing

Mobile app penetration tests start where automated mobile application security testing ends.

The mobile application penetration test analyzes, in depth, the resistance of the implemented protections against real-life attacks. With a penetration test, you gain detailed insights into, and a rating of, the resistance of the mobile application against an attacker.

Both testing approaches, automated and manual testing, are key components of balanced mobile application risk management.

Security testing customized to your requirements and needs

We perform mobile application security testing tailored to your needs and requirements. For this, we may take your own and third-party requirements into account, e.g.

  • your customers’ and business partners’ requirements,
  • industry requirements (e.g. PCI, EMVCo, American Express, Mastercard and Visa requirements),
  • best practices (e.g. OWASP) or
  • legal requirements (GDPR, regulatory) with which you need to demonstrate compliance.

Or we go beyond compliance requirements and perform an in-depth penetration test to determine the resilience of your mobile app against attackers and the risk of a compromise.

Automated Mobile Application Security Testing

Interested in automated verification of protections in your mobile application and integration in your CI/CD?

Advanced Mobile App Penetration Testing

Are you looking for an in-depth mobile application penetration test to determine the risk of being compromised?

Advanced Backend Penetration Testing

A vulnerability in the mobile application API could correspond to a vulnerability in the backend.

Further your knowledge and learn new techniques

We share knowledge through our esCoaching training solution, which provides a pathway from Android and iOS basics to advanced attacker techniques.

Coaching on Mobile Applications Security

Our mission is to stay at the forefront of attack techniques and to share our knowledge with our customers so that they stay secure, as security is everybody's concern.

Code Review of ARM Assembly Code
Level: Novice
Coach: Tiana Razafindralambo
This module is dedicated to learning how to review ARM assembly code using reverse engineering tools such as IDA or Ghidra.

Static Analysis of an Android application
Level: Novice
Coach: Tiana Razafindralambo
This module mainly focuses on static analysis of an Android application. It is split into two parts: the first focuses on static analysis of the Java code, and the second on the native code. During this module, you will learn how to find entry points from which further analyses can be performed, from the Java code to the native code. Different techniques and tools will be demonstrated so you can practice.

Dynamic Analysis of an Android application
Level: Intermediate
Coach: Tiana Razafindralambo
This module focuses on dynamic analysis techniques. It is split into two parts: the first focuses on tools and techniques that can be used for the Java code, and the second on those for the native code. Trainees will learn how to debug an application using different alternatives, and also how to instrument the code using Frida.


Blog Articles

Software Security

iOS Crackme: an efficient way to learn by doing

7 min read
Edit by Lesecque Yorick Sep 30, 2020