In "black box" penetration testing, we analyse the behaviour of apps as they run.
This reveals insecure behaviour and practices that a hacker could exploit.
We do this using meticulously researched OWASP lists of the most common vulnerabilities, combined with our own unique software and tools.
Dynamic Application Security Testing (DAST) provides fast results, usually in days rather than weeks or months. It can reveal problems such as:
Allows an attacker to gain access to a user's account without their knowledge
Divulges user information to an attacker
Allows an attacker to spy on information being sent to/from the cloud, and read stored data
Allows attackers to gain access to your intellectual property or bypass paywalls
We mimic a real hacker by following a "zero-knowledge" (or "black box") approach. This means we begin work without knowing anything about your app or its architecture, allowing us to report back what can be revealed through careful analysis rather than insider knowledge.
We work with your development team to suggest solutions to any security issues raised. Our team are fully qualified Android, iOS and web app developers, and we are often able to implement the solutions, too. This keeps your own development team where they should be, innovating.
Penetration testing covers the basics, and gives you a degree of comfort that the most obvious issues are handled. But it is limited. For example, it would be very unlikely to uncover issues in file format handling which could allow an attacker to gain practically full control over your app.
Discovering the more complex issues requires expert code analysis.
We are based in Hampshire, UK, with clients all over the world. For a free 20 minute consultation, please enter your details here.