Mobile and desktop application penetration testing
A mobile or desktop application penetration test is a simulated attack against your application that aims to uncover weak points in its cyber security. The outcome of such a penetration test is a comprehensive report and presentation that summarizes all security vulnerabilities found in your application and outlines an optimal strategy to mitigate them.
Auxilium Cyber Security has experience testing a broad range of mobile and desktop applications, from Android mobile applications through Windows applications to Linux applications.
Objective
The main goal of a penetration test is to address vulnerabilities of your application and propose adequate steps to mitigate them.
Methodology for testing mobile and desktop applications
During mobile application penetration tests, we use the industry-standard OWASP Mobile Security Top 10 framework. This enables us to test your application for all common vulnerabilities, specifically:
- M1: Improper Platform Usage
- M2: Insecure Data Storage
- M3: Insecure Communication
- M4: Insecure Authentication
- M5: Insufficient Cryptography
- M6: Insecure Authorization
- M7: Client Code Quality
- M8: Code Tampering
- M9: Reverse Engineering
- M10: Extraneous Functionality
Our approach to mobile and desktop penetration tests
1. Understanding our client
We start by gaining a close understanding of our client’s business and technical needs, as well as gathering information about the web application itself, mainly its functionality and architecture.
2. Agreement on commercial offer
A detailed commercial offer is prepared based on our understanding of your needs and requirements. The offer includes the penetration test methodology, testing scenarios, the way results are reported and the scope of the penetration tests. The outcome of this phase is a formally agreed penetration testing offer.
3. Penetration testing
The penetration test itself is carried out strictly in accordance with our common agreement. During the actual penetration testing, our team reveals vulnerabilities in your application and demonstrates how they can be misused by a hacker.
4. Reporting
We deliver a detailed penetration testing report to your team. The report includes all vulnerabilities together with suggestions on how to mitigate them. If required, we can also prepare an executive summary presentation for your management to help you efficiently communicate the results to company decision-makers.
5. Assistance with vulnerability mitigation
If your company has limited internal capacity, we can provide support with the mitigation of identified vulnerabilities.
6. Educating your dev team
We can also prepare tailor-made secure coding guidelines and training for your dev team that reflect the results of the performed penetration test. This helps your team avoid making the same security mistakes again.
Why Auxilium Cyber Security?
- Experienced penetration testers with OSCP, OSCE or CISM certification
- Conducting in-house research in the cyber security field
- We deliver comprehensive penetration testing reports with proposed vulnerability mitigations
- We can support you in English, German, or Czech
- We have had experience with web application penetration testing since 2015
- We can provide secure coding guidelines and training reflecting penetration test results
Our research in the area of cyber security of applications
- Virus harvesting Czech eID card identities
- [CVE-2020-26800] Stack based buffer overflow while parsing JSON file in Aleth C++ Ethereum client
Selected references in mobile and desktop penetration testing
- Asseco Solutions: Penetration test of mobile application for Android
- Asseco Solutions: Penetration test of desktop application for Windows
Phone
Germany: +49 (0) 7243 - 718 77 55
Czech Republic: +420 739 467 470
Address
76275 Ettlingen
Germany
17000 Prague
Czech Republic