The widespread adoption of mobile phones, tablets, wearables and other mobile devices has resulted in a big market for mobile applications. These apps often have a broad spectrum of goals, such as entertainment, financial or business transactions, or even providing remote access to a company's network. Usually such tasks come with an infrastructure consisting of a mixture of different technologies, such as application servers, back-end as a service (BaaS) or a service-oriented architecture (SOA). These middleware applications usually provide authentication services, file access, different web services or access to databases through a set of interfaces (APIs). Making such an API accessible via the internet can lead to new security-related threats. As a consequence, new attack vectors arise that focus not only on the mobile application itself, but also on the middleware and its services.
By providing mobile application audits, we simulate targeted attacks and expose vulnerabilities of your mobile infrastructure. An audit covers the middleware described above as well as the mobile application itself. It can be conducted from the perspective of an external adversary and from that of a traditional application user.
During the audit, you get regular reports that keep you up to date and informed about the ongoing steps. At the end, you get a final report that contains all the details about the issues, their rating and how to resolve them. Every issue is prioritized, which makes it easier to decide on your next step.
A mobile application audit is a security audit to which the following properties apply:
Mobile applications and their operating environment (e.g. Android, iOS)
White-, grey- or blackbox
External or internal
Direct attack attempts or covert attack
Full or focused (concentrate on specific aspects of security)
Passive, polite, aggressive or paranoid