Application penetration tests

We perform penetration testing of APIs, web, mobile or desktop applications. We test according to the OWASP methodology, which includes more than 90 security areas and our best practices.

Request app testing
show more
Rectangle 36

Application testing

Applications are undoubtedly the foundation of business. When developing applications, the primary focus is on functionality, appearance and certainly price. Therefore, applications are recommended to be tested both before deployment to production and regularly during their use. Some security flaws stem from faulty application design.

Request app testing

Main test scenarios

  • Checking for data leaks.
  • Options for introducing malicious code.
  • Abuse / theft of user identity.
  • Unauthorized access to the system and data.
  • User account protection, password policy, account locking, registration process or existence of test accounts.
  • Options to bypass or break the functional logic of the application.
  • Static analysis of a binary application.

The most common findings

  • Injection - smuggling malicious code, stealing databases.
  • Insufficient security for user accounts.
  • Cross-Site Scripting (XSS) - obtaining login data.
  • Insufficient user rights verification for important actions.
  • Non-updated SW, exploitation of known vulnerabilities.
  • Transmission of sensitive data over an insecure channel, storage in open form.

Black box testing

  • The submitter provides only the URL of the web application.
  • The tester maps the environment using the same methods as a hacker without the organization’s know-how.
  • More time consuming than white box testing.

White box testing

  • The client provides source codes, accounts with administrator rights and documentation.
  • This testing specializes in deeper application issues such as dangerous sub-vulnerability strings and application logic errors.
Rectangle 36

Mobile app testing (iOS & Android)

Mobile apps are a known weakness of information systems.

By penetration testing mobile apps, companies can gain insight into source code vulnerabilities, bottlenecks, and attack vectors on these apps.

We test both Android and iOS platforms.

Request app testing

Main test scenarios

  • Focus on the possibility of data leakage and misuse in the phone / tablet.
  • Checking the security of communication between applications and servers.
  • Attacks carried out from the public environment and the Internet.
  • Reverse Engineering - application code analysis.

Most common findings

  • Insufficient authorization against API.
  • Weak security against MITM (Man In The Middle) attacks.
  • Access data stored in the application code.
  • Insufficient security of sensitive data stored on mobile devices.

Evaluation of penetration tests

Each penetration test is followed by a phase of documenting the entire test process, describing any vulnerabilities found and rating their severity according to the CVSS classification. 

This is the technical part of the report, which is intended for security managers, engineers and application developers, where for each vulnerability a recommendation is also given on how to prevent or solve the problem.

At the end of the report, you will find a management summary that explains in an understandable way to the company’s management the vulnerabilities and security gaps found, their severity and ways to fix any problems.

On request, we can send you a sample of the resulting report. 

Request app test
Rectangle 36 (1)

Contact us

Contact us using the contact form and our specialist will get back to you within 24 hours.

Contact form

IČO: 24216941 / DIČ: CZ24216941

U Sluncové 666/12a
186 00, Praha 8

info@integra.cz
+420 214 214 602

About us
References

Career
Contact

© 2024 ALL RIGHTS RESERVED

Instagram

We are hackers on your side!

Request for sample report of test results

Žadost o vzorovou zprávu výsledků z testu