STATIC CODE ANALYSIS
During static analysis, experts meticulously review a mobile app's source code or reverse-engineered code to uncover security vulnerabilities, including business logic flaws. This method provides a comprehensive view of the application's internal structure and its utilization of external resources. It can also be applied to APIs when their source code is available for auditing.
DYNAMIC CODE ANALYSIS
Dynamic analysis involves examining the app's behavior during runtime to detect security issues arising from interactions with platforms and external services. This method necessitates a live testing environment for apps that communicate with external services.
API SECURITY TESTING
API testing, similar to dynamic analysis, focuses on assessing the security of external services (APIs) used by the app. It involves live security analysis and penetration testing to ensure proper security measures are implemented.
SCA ANALYSIS
Third-party code assessments involve evaluating vulnerabilities in third-party code and libraries used by the app, either through pre-release assessments or vulnerability research, including identifying zero-day vulnerabilities.
APP BUNDLE INTEGRITY CHECK
App bundle inspection ensures that the app is correctly built and packaged before publishing, verifying the absence of debugging or sensitive information and confirming the functionality of security controls.
REPORTS
Issues identified during testing are documented in technical reports or issue tracker spreadsheets, detailing vulnerabilities, evaluating risks, and proposing mitigations. Our experts offer ongoing support for issue retesting and consulting.
EARLY RISK MITIGATION
Mobile app testing provides early risk mitigation, ensuring robust protection for businesses, services, and users. Dolus Security offers comprehensive testing services worldwide, leveraging years of experience and research to uncover vulnerabilities beyond standard issues such as the OWASP Mobile Top 10 risks.