
Risk Management - Mobile Applications

Mobile applications do not operate standalone: they are the front door and user interface to a backend ecosystem, and they often run on uncontrolled devices that are unmaintained or rooted. Mobile applications can be compromised and misused as door-openers to gain access to sensitive information, and therefore require special attention with regard to their security. As a result, regular security testing needs to be part of the risk management agenda.

When to test a mobile application?

You should security test your mobile application to avoid regression, e.g. if

  • Your code has changed because of functional enhancement or bug fixing
  • New attacks that may impact your mobile app have been published
  • Your internal security policy requires so
  • You need to demonstrate compliance with third-party requirements.

There are two different but complementary approaches to mobile application security testing: automated testing and penetration testing.

Automated Mobile Application Security Testing

Mobile Application Security Testing can be performed automatically using tools. eShard has developed its comprehensive esChecker SaaS solution which provides fast static, dynamic and interactive testing. esChecker can be seamlessly integrated into the CI/CD tool chain to ensure that all required protections are available and effective before releasing a mobile application. Within one hour, you can make sure that the app is meeting your security baseline.

Our customized Mobile Application Penetration Testing starts where automated tools end

A mobile app penetration test starts where automated static, dynamic and interactive mobile application security testing tools end. It analyzes in depth the resistance of the implemented protections against real-life attacks. The penetration test provides detailed insights into the resistance of the mobile application and a rating of the effectiveness of its protections with regard to real-life attacks.

Security testing customized to your requirements and needs

We perform mobile application security testing customized to your expectations and requirements. For this, we may take third-party requirements into account, e.g.

  • your customer’s policies and requirements,
  • industry requirements (e.g. PCI, EMVCo, American Express, Mastercard and Visa requirements),
  • best practices (e.g. OWASP) or
  • legal requirements (GDPR, regulatory)

with which you need to demonstrate compliance. Additionally, we perform mobile application penetration tests that go beyond compliance requirements, customized to your requirements and expectations.

Interested in automated checking of protection in mobile applications and integration in your CI/CD toolchain?

The customized mobile application penetration test builds upon the results of eShard’s automated mobile application security testing (MAST) solution, esChecker. To learn about the automated testing of protections, follow the link below:

Learn more about esChecker

Advanced Backend Penetration Testing

A vulnerability in the mobile application API is often mirrored by a vulnerability in the backend systems and backend applications. Because of these dependencies, an advanced mobile application penetration test is often complemented by an advanced penetration test of the backend systems and web applications, as both ends are connected and share the same API.

Interested in advancing your knowledge and learning about state-of-the-art attack techniques?

eShard shares its knowledge through its esCoaching training solution, which provides a pathway from Android and iOS basics to advanced techniques. Our mission is to stay at the forefront of software and IC security and to help our customers get or remain there, as security should be everybody's concern.

Learn more about esCoaching

© eShard 2021. All rights reserved