Mobile Application Audit

Test your Mobile Applications

Get to know the vulnerabilities of your mobile application. An audit helps to secure the communication between your mobile app and your back-end and thus prevents attacks such as Man-In-The-Middle. Ensure that your customers' data is secure by simulating attacks on your mobile infrastructure and identifying issues early.

Overview

The widespread adoption of mobile phones, tablets, wearables and other mobile devices has created a big market for mobile applications. These apps serve a broad spectrum of purposes, such as entertainment, financial or business transactions, or even remote access to a company's network. Such tasks usually come with an infrastructure consisting of a mixture of different technologies, such as application servers, back-end as a service (BaaS) or a service-oriented architecture (SOA). These middleware applications usually provide authentication services, file access, various web services or access to databases through a set of interfaces (APIs). Making such an API accessible via the internet can lead to new security-related threats. As a consequence, new attack vectors arise that focus not only on the mobile application itself but also on the middleware and its services.

With our mobile application audits, we simulate targeted attacks and expose vulnerabilities in your mobile infrastructure. The audit covers the middleware described above as well as the mobile application itself. Attacks can be carried out from the perspective of an external adversary as well as that of a traditional application user.

During the audit, you receive regular reports that keep you up to date on the ongoing steps. At the end, you receive a final report that contains all the details about the issues found, their rating and how to resolve them. Every issue is prioritized, which makes it easier to decide on your next step.

Properties

A mobile application audit is a security audit where the following properties apply.

What can be tested: Mobile applications and their operating environment (e.g. Android, iOS)

Basis of information: White-, grey- or blackbox

Source: External or internal

Strategy: Direct attack attempts or covert attack

Scope: Full or focused (concentrate on specific aspects of security)

Aggressiveness: Passive, polite, aggressive or paranoid
