In "black box" penetration testing, we analyse the behaviour of apps as they run.
This reveals insecure behaviour and practices that a hacker could exploit.
We do this using meticulously researched OWASP lists of the most common vulnerabilities, combined with our own unique software and tools.
Android app
iOS app
Web app
API endpoints
Authentication system
Dynamic Application Security Testing (DAST) provides fast results, usually in days rather than weeks or months. It can reveal problems such as:
Allows an attacker to gain access to a user's account without their knowledge
Divulges user information to an attacker
Allows an attacker to spy on information being sent to/from the cloud, and read stored data
Allows attackers to gain access to your intellectual property or bypass paywalls
We mimic a real hacker by following a "zero-knowledge" (or "black box") approach. This means we begin work without knowing anything about your app or its architecture, allowing us to report back what can be revealed through careful analysis rather than insider knowledge.
We work with your development team to suggest solutions to any security issues raised. Our team are fully qualified Android, iOS and web app developers, and we are often able to implement the solutions, too. This keeps your own development team where they should be, innovating.
Penetration testing covers the basics, and gives you a degree of comfort that the most obvious issues are handled. But it is limited. For example, it would be very unlikely to uncover issues in file format handling which could lead to an attacker gaining practically full control over your app.
Discovering the more complex issues requires expert code analysis.
An application penetration test is a consultant-led analysis of your web or mobile application to uncover and identify any vulnerabilities which make it susceptible to hackers.
Pen testing tools are good at what they do, and we even use them for some aspects of pen testing. However, automated tools do not always catch all vulnerabilities, which is where our expert pen testers come in, with years of industry knowledge and practical experience.
The sky is the limit. Our consultants are highly experienced at the initial scoping, and we can provide you with an accurate estimate of the timeframe in which we can get you results.
Once we have completed penetration testing on your mobile or web application, we will share a report with you so you can action any issues we have found. Using our pen testing services will speed up your development time to allow you to work on making your app better whilst we do the heavy lifting of reviewing your code.
We are based in Hampshire, UK, with clients all over the world. For a free 20-minute consultation, please enter your details here.