Available for iOS and Android applications
The purpose of this test is to find both standard and specific vulnerabilities in Mobile applications by using different static code/binary analysis tools, various dynamic analysis techniques and manual testing and verification of issues by CyResLab security researchers.
This test combines automated testing tools with a manual follow-up testing of the application with focus on key functionality and taking into account the client's security needs.
The service consists of an identification phase, where the application is mapped out and its different aspects / connections are identified and probed, and a testing phase, where a range of manual tests are performed for known vulnerabilities and standard attack vectors, such as insecure storage, improper cryptography usage, etc.
The client receives a report, listing the issues that have been discovered, along with a short assessment, including impact, attacker profile and total score, and suggested mitigation techniques (on an advisory level). CyResLab can offer further help in defining and applying corrective security measures, tailored towards the client's requirements.
- Scans by open-source tools
- Automated proprietary tools
- Manual testing by CyResLab researchers
Ideal for: Clients that are interested in initial vulnerability discovery in mobile applications they develop or use (author permission may be required). Further security services (including more in-depth tests, attack simulations, exploit demonstrations) are also available.