Web/Mobile Pen Testing

Web App Pen Testing

After first scanning applications with automated technologies to ensure consistent results, we follow up with manual web application pen test services to identify all vulnerabilities that can’t be found through automated scanning. With concrete experience in web pentesting, our team works through the application precisely, from front end to back end, to ensure your products are not compromised. The following areas are covered:

  • Information Gathering
  • Configuration and Deploy Management Testing
  • Identity Management Testing
  • Authentication Testing
  • Authorization Testing
  • Session Management Testing
  • Data Validation Testing
  • Error Handling
  • Cryptography
  • Business Logic Testing
  • Other

Mobile App Pen Testing

Kubertu offers top-tier mobile app penetration testing services, providing a holistic risk assessment of your mobile application. With industry-leading researchers and security engineers in both iPhone and Android, we provide deep-dive testing into local, on-device security issues, back-end web services, and the APIs which connect them. The security checklist has been drawn up as follows:

  • Data Storage and Privacy
  • Cryptography
  • Authentication and Session Management
  • Network Communication
  • Code Quality and Build Settings
  • iOS & Android Best Practices
  • Reverse Engineering
  • Malware Detection
  • API

What to Expect in our Mobile Pentesting Service

Deep Support for both iOS and Android Platforms

With deep experience in both iOS and Android penetration testing, we understand the unique security challenges and vulnerabilities with each mobile architecture. This expertise allows us to customize assessments to specific concerns, such as reverse-engineering an iOS app or malware threats to an Android app.

Each mobile security assessment simulates multiple attack vectors and risks, including insecure storage, stolen device risk, mobile malware attacks, and both authenticated and unauthenticated app users. Apps residing on in-house mobile devices? We provide custom scenarios to map enterprise conditions as well.

Static, Dynamic, and Source Code Pentesting

Integrating both static and dynamic analysis, our security experts test each mobile app at rest and during runtime to identify all vulnerabilities. This deep-dive methodology also targets local vulnerabilities, such as insecure storage of credentials, Android backups including sensitive app data, etc.

While our iOS/Android experts can decompile or reverse-engineer the apps themselves, more vulnerabilities can be identified through a full source code review of the application. By reviewing the app source code during the penetration test, even deeply buried vulnerabilities can be identified and mitigated.

Mobile Security and Reporting Expertise

Standard and Jailbroken Device Testing

Our mobile security assessments take multiple attack vectors and threats into account, including jailbroken iOS and rooted Android devices. By comparing the vulnerabilities of both options, we can demonstrate the security risk from multiple user types, including dedicated attackers and everyday users.

Both Summary and Technical Detail Reports

Documentation and reporting are key to the success of a mobile app pentest. We incorporate both an executive summary and technical details to meet the needs of both leadership and app developers. Specifically, this detailed penetration testing report is broken down as follows:

  • Summary Risk and App Strengths/Weaknesses
  • Risk-Prioritized Vulnerabilities and Description
  • Vulnerable Code Sections (when Source Code Review is integrated)
  • Attack Walkthrough (including screenshots)
  • Remediation and Defensive Recommendations