Mobile app penetration tests
Application penetration tests of deployed apps and their corresponding web services.
A company, offering mobility services, bases their business model on an app. Within a cooperation an application penetration test of the app and the corresponding web service was requested.
The iOS app as well as the Android app was analyzed. Specially prepared smartphones and tables were used to examine the apps. With the help of an intercepting proxy, the communication to the web service was inspected and subsequently attacked.
The added value for the customer
It was possible to identify multiple functions with authorization management issues thanks to the evaluation. Even administrative web services were insufficiently protected. The company was able to close the found vulnerabilities and then establish a cooperation with a larger business.