Penetration tests of applications

We perform comprehensive penetration testing of API, web, mobile (iOS, Android) and desktop applications.

Our tests follow the OWASP methodology, while leveraging our best practices for maximum protection of your systems.

During development, the focus is often on functionality and design, while security is often neglected. That’s why we recommend penetration testing not only before deployment into production, but also periodically during operation.

Request app testing
Integra | Profesionální penetrační testy.

What threats do application penetration tests reveal?

Application penetration testing focuses on identifying security weaknesses that can be caused by misconfiguration, faulty data processing or suboptimal implementation. Particular emphasis is placed on detecting risks associated with data leakage, unauthorized access, user identity theft, privilege escalation, and manipulation of sensitive information.

Testing includes a comprehensive examination of the security of all functions, authentication and authorization mechanisms, business logic, and data handling within the tested applications. The goal is to minimize vulnerabilities and ensure maximum protection against cyber threats.

  • Checking for data leaks.
  • Options for introducing malicious code.
  • Abuse / theft of user identity.
  • Unauthorized access to the system and data.
  • User account protection, password policy, account locking, registration process or existence of test accounts.
  • Options to bypass or break the functional logic of the application.
  • Static analysis of a binary application.

The most common findings

  • Injection - smuggling malicious code, stealing databases.
  • Insufficient security for user accounts.
  • Cross-Site Scripting (XSS) - obtaining login data.
  • Insufficient user rights verification for important actions.
  • Non-updated SW, exploitation of known vulnerabilities.
  • Transmission of sensitive data over an insecure channel, storage in open form.

Test scenarios

Black box

  • Testing without knowledge of how the application works, simulating an attack from the outside
  • Tester does not have access to documentation or source code
  • Suitable for detecting infrastructure vulnerabilities and testing authorization form security
  • Fast, efficient and least time-consuming, but with a limited testing scope

Grey box

  • Black box test +
  • In-depth application testing from the perspective of a real attacker, both without authentication and with authentication
  • Documentation, tutorials, user accounts to the application and support from the client are made available to the tester
  • Optimal form of application testing where all attack vectors are tested
  • Medium time complexity, depends on the complexity of the application and the chosen methodology

White box

  • Grey box test +
  • Tests with full access to the application source code
  • Thorough knowledge of the source code and internal architecture of the application is required
  • Most time and resource intensive due to the detail and scope of testing

Contact us

Contact us using the contact form and our specialist will get back to you within 24 hours.

Contact form

IČO: 24216941 / DIČ: CZ24216941

U Sluncové 666/12a
186 00, Praha 8

info@integra.cz
+420 214 214 602

About us
References

Career
Contact

© 2024 ALL RIGHTS RESERVED

Instagram

We are hackers on your side!

Request for sample report of test results

Žadost o vzorovou zprávu výsledků z testu