Application pentest
Whether the target is a thick client or a mobile application (Android, iOS), our consultants provide an in-depth analysis of its security based on reverse engineering techniques and attacks on network communications and APIs.
Source code analysis (SAST)
Identify risky practices and vulnerabilities introduced in the application source code.
Analysis of application logic in native libraries or DLLs.
Dynamic analysis (DAST)
Exploitation of system vulnerabilities on thick clients (DLL hijacking, buffer overflow, PowerShell / Bash injections). Attacks on communications between the application and the servers based on web exploitation techniques: exploitation of weaknesses in the API and of vulnerabilities in the application logic. Exploitation of services exposed by the Android application.
In which cases should you choose application penetration testing?
You develop iOS or Android mobile applications, or thick clients (.NET, Java, scripts, binaries).
You want to check the security level of a third-party application.
Mission organization
A kickoff meeting identifies the needs and scope of the mission, as well as any constraints.
A legal mandate between the parties is drawn up to govern DSecBypass's audit service.
The consultant in charge of the mission can be reached at any time during its execution and informs the customer in the event of a critical discovery.
Penetration test results
The deliverables of the mission include a report as well as two optional debriefs.
The report includes a summary of the results as well as the details of the identified vulnerabilities and recommendations.
The technical debrief is an opportunity for the consultant to present the approach and results interactively, and to discuss the action plan with the client and its teams. The managerial debrief addresses an executive audience.