Mobile applications are being used more and more, as a complement to web applications. Therefore, they're also increasingly being targeted by attackers. We can audit your Android and iOS mobile applications with both a static and a dynamic analysis.
A mobile application audit can be broken down into two phases.
The prerequisite for this audit is to have the .apk (Android) or .ipa (iOS) installation file of the application. We can also retrieve the latest version of the application from the corresponding application store if you wish.
A mobile application often communicates with a server to exchange data. Unlike a web application, which is independent of the browser in which it runs, a mobile application is designed to meet a particular need. The big difference between web penetration testing and mobile application auditing is therefore in the reverse engineering phase and the analysis of the mobile application behavior.
The OWASP Top 10 periodically assesses the most common vulnerabilities encountered. Here is the 2016 ranking for mobile applications.
We use during our Android pentests and iOS pentests tools that are mainly open-source, with a high level of quality and a strong reputation in the cyber security community. We can quote, but not exhaustively:
Nous aimons mettre en avant la transparence des actions réalisées sur votre infrastructure. For this purpose, you will find in the appendix of our reports the list of tools that were used during the audit, as well as any script that we may have developed for a specific need.
Specialists in information security and pentest in Lyon, Paris, Saint-Etienne and throughout France
You've enabled "Do Not Track" in your browser, we respect that choice and don't track your visit on our website.