What is it about?
They are now widely used as the devices from which they take their name: the “mobile apps” to provide services, to the public or to a selected user. With obvious advantages: ease of use, immediate availability, constant contact, strengthening of the brand, personalised and geolocalised services.
But just as the app is a convenient gateway to the digital assets of the organisation, it can also become a weak point: because of the intellectual property it contains, and its function as an external node of the network.
CryptoNet Labs’ Mobile App Penetration Test service aims to emulate an attack that searches for and detects these weaknesses and exploits them to its advantage.
Our experts examine both the app in its environment (the device) and the interaction with back-end systems.
The test is performed through static and dynamic analysis of the code, applying reverse engineering techniques, intercepting calls to the operating system and to all network connections; verifying every input validation mechanism and checking the amount of back-end security (see Offensive Security at Network and Web Services level).
Who can benefit from it
Any company or organisation that uses proprietary or externally developed mobile apps: the test is an efficient tool to verify information provided by third parties and limit the risk of attacks on devices often not controlled by the corporate IT.