Turnkey Mobile Penetration Testing

ImmuniWeb® MobileSuite leverages our proprietary Multilayer Application Security Testing technology for rapid, reliable and DevSecOps-enabled mobile penetration testing. It combines our award-winning Machine
Learning and AI technology with scalable and cost-effective manual mobile security testing.

ImmuniWeb® MobileSuite

Threat-Aware Testing

SANS Top 25 full coverage and business
logic testing

Accurate Reporting

Zero false-positives SLA and actionable remediation guidelines

DevSecOps Tailored

SDLC and CI/CD tools integration, WAF for mobile backend flaws

How It Works

1 Pick up a mobile
application

2 Customize, pay and
schedule the test

3 Download your
remediation report

Standards & Methodologies

We leverage in-house application security testing methodologies in combination with:

OWASP Testing Guide
NIST SP 800-115 Technical Guide to Information Security Testing and Assessment
PCI DSS Information Supplement: Penetration Testing Guidance
FedRAMP Penetration Test Guidance
ISACA’s How to Audit GDPR

NIST SP 800-115 Technical Guide to Information Security Testing and Assessment

PCI DSS Information Supplement: Penetration Testing Guidance

We follow international standards to report security vulnerabilities:

Common Vulnerabilities and Exposures (CVE) Compatible
Common Weakness Enumeration (CWE) Compatible
Common Vulnerability Scoring System (CVSSv3)

Vulnerability Coverage Datasheet

Mobile Application Penetration Testing

Mobile Backend APIs Penetration Testing

A1: Injection
A6: Security Misconfiguration
A2: Broken Authentication
A7: Cross-Site Scripting (XSS)
A3: Sensitive Data Exposure
A8: Insecure Deserialization
A4: XML External Entities (XXE)
A9: Using Components with Known Vulnerabilities
A5: Broken Access Control
A10: Insufficient Logging & Monitoring

Injection Flaws
Many other "High" Risk Vulnerabilities
Buffer Overflows
Cross-Site Scripting (XSS)
Insecure Cryptographic Storage
Improper Access Control
Insecure Communications
Cross-Site Request Forgery (CSRF)
Improper Error Handling
Broken Authentication and Session Management

CWE-22: Path Traversal
CWE-89: SQL Injection
CWE-78: Command injection
CWE-89: Blind SQL Injection
CWE-79: Stored XSS
CWE-90: LDAP Injection
CWE-79: Reflected XSS
CWE-91: XML Injection
CWE-79: DOM-Based XSS
CWE-93: CRLF Injection

CWE-345: Insufficient Verification of Data Authenticity
CWE-352: Cross-site request forgery (CSRF)
CWE-384: Session Fixation
CWE-400: Resource Exhaustion
CWE-434: Arbitrary File Upload

CWE-502: Deserialization of Untrusted Data
CWE-521: Weak Password Requirements
CWE-601: Open Redirect
CWE-611: Improper Restriction of XML External Entity Reference (XXE)
CWE-613: Insufficient Session Expiration

CWE-643: XPath Injection
CWE-804: Guessable CAPTCHA
CWE-799: Improper Control of Interaction Frequency
CWE-918: Server-Side Request Forgery (SSRF)
CWE-942: Overly permissive Cross-domain Whitelist

DevSecOps Integration

Developers Environment

Web Application Firewalls

Most Comprehensive Testing with Zero False Positives SLA

Ultimate
Mobile App Testing

Static, dynamic and interactive
security testing with SCA

Intelligent
Behavioral Analysis

Machine learning technology enhanced
with manual security testing

Backend
Security Testing

Manual security testing of
Web Services and APIs

Zero
False-Positives SLA

One single FP? Money back
contractual guarantee

Tailored
Remediation Guidelines

Action-based remediation guidelines
tailored for your infrastructure

Start
in a Few Clicks

No integration or installation costs,
just sign-up to start

ImmuniWeb® MobileSuite Packages

$1,499 all included

1 Testing

Instant Start
Two business days delivery SLA
Mobile app and backend testing
Multilayer Application Security Testing:
- Threat-aware testing scenarios
- Up to 2,5 days of team penetration testing
- DAST, IAST and SCA elastic scanning
- AI to reduce human testing and analysis
- Machine Learning to accelerate testing
- Authenticated testing
- 2FA & SSO support
Full customization of testing

2 Reporting

Zero False-Positives SLA
Threat-Aware Risk Scoring
Tailored Remediation Guidelines
Web Interface, PDF and XML Formats
PCI DSS and GDPR compliances
CVE, CWE and CVSSv3 scores

3 Remediation

24/7 Access to Our Security Analysts
Integration With SDLC & CI/CD Tools
One-Click Virtual Patching via WAF (backend)
Multirole Dashboard

$3,990 all included

1 Testing

Instant Start
Four business days delivery SLA
Mobile app and backend testing
Multilayer Application Security Testing:
- Threat-aware testing scenarios
- Up to 5 days of team penetration testing
- DAST, IAST and SCA elastic scanning
- AI to reduce human testing and analysis
- Machine Learning to accelerate testing
- Authenticated testing
- 2FA & SSO support
Full customization of testing

2 Reporting

Zero False-Positives SLA
Threat-Aware Risk Scoring
Tailored Remediation Guidelines
Web Interface, PDF and XML Formats
PCI DSS and GDPR compliances
CVE, CWE and CVSSv3 scores

3 Remediation

24/7 Access to Our Security Analysts
Integration With SDLC & CI/CD Tools
One-Click Virtual Patching via WAF (backend)
Multirole Dashboard

$6,990 all included

1 Testing

Instant Start
Six business days delivery SLA
Mobile app and backend testing
Multilayer Application Security Testing:
- Threat-aware testing scenarios
- Up to 10 days of team penetration testing
- DAST, IAST and SCA elastic scanning
- AI to reduce human testing and analysis
- Machine Learning to accelerate testing
- Authenticated testing
- 2FA & SSO support
Full customization of testing

2 Reporting

Zero False-Positives SLA
Threat-Aware Risk Scoring
Tailored Remediation Guidelines
Web Interface, PDF and XML Formats
PCI DSS and GDPR compliances
CVE, CWE and CVSSv3 scores

3 Remediation

24/7 Access to Our Security Analysts
Integration With SDLC & CI/CD Tools
One-Click Virtual Patching via WAF (backend)
Multirole Dashboard

Not sure which package is right for you?
Try Package Selector or Contact Sales

The packages provide an increasing volume of manual penetration testing and vulnerability scanning resources tailored for various application sizes and complexity.

Start Now Package Selector

Any questions? Contact Sales

Testimonials and Customer References

ImmuniWeb is an efficient and very easy-to-use solution that combines automatic and human tests. The results are complete, straightforward and easy to understand. It’s an essential tool for the development of the new digital activities

Didier Ramella
CISO

ImmuniWeb significantly enhanced our vulnerability assessment capacity. It's an indispensable tool for continuous auditing of web based systems

Viktor Polic
Chief Security Officer

ImmuniWeb provides accurate assessment on the security posture of our cloud-based applications. The report provided is concise and easy to read with sound advisories on the necessary steps to fix the issues. What impressed me most was that no false-positive was listed and the vulnerabilities are real. ImmuniWeb certainly gives us the right level of assurance that our cloud-based applications are safe and 'good-to-go' before we deploy them out to production

Lee Chye Seng
Director, Learning Systems and Applications

ImmuniWeb is an invaluable tool for iPresent with both automated and manual penetration testing. The fantastic manual testing has found even the most hidden and complicated bugs in our security and ImmuniWeb has delivered first class knowledge. The self-service interface also gives us great control to schedule and monitor tests when we need them

Neil Bostrom
Chief Technical Officer

ImmuniWeb is a great innovative service that brings unbeatable ROI. It is undoubtedly the best way to quickly and easily guarantee your customers that their data is safe with you - and yours too by the way! Efficient and effective!

Jean-Michel Beylard-Ozeroff
Head of IT