Risk Management - Mobile Applications
When to test a mobile application?
You should security test your mobile application to avoid regression, e.g. if
- Your code has changed because of functional enhancement or bug fixing
- New attacks that may impact your mobile app have been published
- Your internal security policy requires so
- You need to demonstrate compliance with third party requirements. There are two different but complementing approaches for mobile application security testing: automated testing and penetration testing.
Automated Mobile Application Security Testing
Mobile Application Security Testing can be performed automatically using tools. eShard has developed its comprehensive esChecker SaaS solution which provides fast static, dynamic and interactive testing. esChecker can be seamlessly integrated into the CI/CD tool chain to ensure that all required protections are available and effective before releasing a mobile application. Within one hour, you can make sure that the app is meeting your security baseline.
Our customized Mobile Application Penetration Testing starts where automated tools end
A mobile app penetration test starts where automated static, dynamic and interactive mobile application security testing tools end. The mobile application penetration test analyzes the resistance of the implemented protections against real-life attacks and in-depth. The penetration test provides detailed insights into the resistance of the mobile application and a rating of the effectiveness of its protections in regard to real-life attacks.
Security testing customized to your requirements and needs
We perform mobile application security testing customized to your expectations and requirements. For this, we may take third-party requirements into account, e.g.
- your customer’s policies and requirements,
- Industry requirements (e.g. PCI, EMVCo, American Express, Mastercard and Visa requirements),
- best practices (e.g. OWASP) or
- legal requirements (GDPR, regulatory). to demonstrate your compliance with.Additionally, we perform mobile application penetration tests that go even beyond compliance requirements, customized to your requirements and expectations.
Interested in automated checking of protection in mobile applications and integration in your CI/CD toolchain?
The customized mobile application penetration test builds upon the results of eShard’s automated mobile application testing (MAST) solution esChecker. For learning about the automated testing of the protections, click down below:
Advanced Backend Penetration Testing
A vulnerability in the mobile application API often corresponds to/is mirrored by a vulnerability in the backend systems and backend applications. These dependencies/these ties, an Adv.Mob.App. Pen.Test. is often augmented/complemented by an advanced penetration test of the backend systems and web applications, as both ends are connected and share the same API.
Interested in advancing your knowledge and learning about state-of-the-art attack techniques?
eShard shares its knowledge within its esCoaching training solution which provides a pathway from the Android and iOS basics to the advanced techniques. Our mission is about staying at the forefront in software and ICs security and helping our customers to get or remain there, as security shall be a concern of everybody.