Turnkey Mobile Penetration Testing

ImmuniWeb® MobileSuite leverages our proprietary Multilayer Application Security Testing technology for rapid, reliable and DevSecOps-enabled mobile penetration testing. It combines our award-winning Machine
Learning and AI technology with scalable and cost-effective manual mobile security testing.

ImmuniWeb® MobileSuite

Comprehensive Testing
Comprehensive Testing

SANS Top 25, PCI DSS and OWASP
coverage & business logic testing

Accurate Reporting
Accurate Reporting

Zero false-positive SLA and actionable remediation guidelines

DevSecOps Tailored
DevSecOps Tailored

SDLC and CI/CD tools integration, WAF for mobile backend flaws

How It Works

  1. Pick up a mobile
    application
  2. Customize, pay and
    schedule the test
  3. Download your
    remediation report

Mobile App and Backend APIs Testing

Mobile Application Audit
  • OWASP Mobile Top 10
  • Software Composition Analysis
  • Behavioral Analysis
  • Privacy Risks
Encryption & Privacy Testing
  • Confidential data leakage
  • Weak network encryption
Mobile Backend APIs Audit
  • OWASP Top 10
  • CWE/SANS Top 25
  • PCI DSS 6.5.1-6.5.10
  • Business Logic Testing

Standards & Methodologies

We leverage in-house application security testing methodologies in combination with:

  • OWASP Testing Guide
  • NIST SP 800-115 Technical Guide to Information Security Testing and Assessment
  • PCI DSS Information Supplement: Penetration Testing Guidance
  • FedRAMP Penetration Test Guidance
  • ISACA’s How to Audit GDPR
NIST SP 800-115 Technical Guide to Information Security Testing and Assessment
PCI DSS Information Supplement: Penetration Testing Guidance
FedRAMP Penetration Test Guidance
OWASP Testing Guide

We follow international standards to report security vulnerabilities:

  • Common Vulnerabilities and Exposures (CVE) Compatible
  • Common Weakness Enumeration (CWE) Compatible
  • Common Vulnerability Scoring System (CVSSv3)
Common Vulnerabilities and Exposures (CVE) Compatible Common Weakness Enumeration (CWE) Compatible Common Vulnerability Scoring System (CVSSv3)

Vulnerability Coverage Datasheet

Mobile Application Penetration Testing

Mobile Backend APIs Penetration Testing

  • Injection Flaws

  • Many other "High" Risk Vulnerabilities

  • Buffer Overflows

  • Cross-Site Scripting (XSS)

  • Insecure Cryptographic Storage

  • Improper Access Control

  • Insecure Communications

  • Cross-Site Request Forgery (CSRF)

  • Improper Error Handling

  • Broken Authentication and Session Management

DevSecOps Integration

Developers Environment

Jira DevSecOps Integration HP DevSecOps Integration Bugzilla DevSecOps Integration Splunk DevSecOps Integration Mantis DevSecOps Integration Defectdojo DevSecOps Integration

Web Application Firewalls

Most Comprehensive Testing with Zero False Positive SLA

Ultimate
Mobile App Testing

Static, dynamic and interactive
security testing with SCA

Intelligent
Behavioral Analysis

Machine learning technology enhanced
with manual security testing

Backend
Security Testing

Manual security testing of
Web Services and APIs

Zero
False-Positive SLA

One single FP? Money back
contractual guarantee

Tailored
Remediation Guidelines

Action-based remediation guidelines
tailored for your infrastructure

Start
in a Few Clicks

No integration or installation costs,
just sign-up to start

ImmuniWeb® MobileSuite Packages

$1,499 all included
1 Testing
  • Instant Start
  • Two business days delivery SLA
  • Mobile app and backend testing
  • Multilayer Application Security Testing:
    • Threat-aware testing scenarios
    • Up to 2,5 days of team penetration testing
    • DAST, IAST and SCA elastic scanning
    • AI to reduce human testing and analysis
    • Machine Learning to accelerate testing
    • Authenticated testing
    • 2FA & SSO support
  • Full customization of testing
2 Reporting
  • Zero False-Positive SLA
  • Threat-Aware Risk Scoring
  • Tailored Remediation Guidelines
  • Web Interface, PDF and XML Formats
  • PCI DSS and GDPR compliances
  • CVE, CWE and CVSSv3 scores
3 Remediation
  • 24/7 Access to Our Security Analysts
  • Integration With SDLC & CI/CD Tools
  • One-Click Virtual Patching via WAF (backend)
  • Multirole Dashboard
$3,990 all included
1 Testing
  • Instant Start
  • Four business days delivery SLA
  • Mobile app and backend testing
  • Multilayer Application Security Testing:
    • Threat-aware testing scenarios
    • Up to 5 days of team penetration testing
    • DAST, IAST and SCA elastic scanning
    • AI to reduce human testing and analysis
    • Machine Learning to accelerate testing
    • Authenticated testing
    • 2FA & SSO support
  • Full customization of testing
2 Reporting
  • Zero False-Positive SLA
  • Threat-Aware Risk Scoring
  • Tailored Remediation Guidelines
  • Web Interface, PDF and XML Formats
  • PCI DSS and GDPR compliances
  • CVE, CWE and CVSSv3 scores
3 Remediation
  • 24/7 Access to Our Security Analysts
  • Integration With SDLC & CI/CD Tools
  • One-Click Virtual Patching via WAF (backend)
  • Multirole Dashboard
$6,990 all included
1 Testing
  • Instant Start
  • Six business days delivery SLA
  • Mobile app and backend testing
  • Multilayer Application Security Testing:
    • Threat-aware testing scenarios
    • Up to 10 days of team penetration testing
    • DAST, IAST and SCA elastic scanning
    • AI to reduce human testing and analysis
    • Machine Learning to accelerate testing
    • Authenticated testing
    • 2FA & SSO support
  • Full customization of testing
2 Reporting
  • Zero False-Positive SLA
  • Threat-Aware Risk Scoring
  • Tailored Remediation Guidelines
  • Web Interface, PDF and XML Formats
  • PCI DSS and GDPR compliances
  • CVE, CWE and CVSSv3 scores
3 Remediation
  • 24/7 Access to Our Security Analysts
  • Integration With SDLC & CI/CD Tools
  • One-Click Virtual Patching via WAF (backend)
  • Multirole Dashboard
Not sure which package is right for you?
Try Package Selector or Contact Sales
?
The packages provide an increasing volume of manual penetration testing and vulnerability scanning resources tailored for various application sizes and complexity.

Frequently Asked Questions

The main difference is the amount of human time spent on a project to detect the most complicated, untrivial and novel security vulnerabilities. All other options and features are the same.

For every project we have several security analysts conducting advanced manual testing. Thanks to our AI-enabled multilayer application security testing technology, our security analysts spend their time only when and where it is truly needed due to complexity (e.g. bypassing WAF, running a chained exploitation or analyzing business logic flaw).

It is a contractual clause for every project. It clearly stipulates that for one single false positive in your report you will get back the amount paid for the assessment.

When creating a project you can specify in plain English any special requirements for testing and remediation. Just say to focus on 2FA bypass, avoid reporting low-risk XSS or provide in-depth remediation for PHP developers – and we will do so.

We provide actionable remediation guidelines for each of the detected vulnerabilities. Moreover, you have unlimited access to our security analysts might you have any further questions. We also offer one-click virtual patching via WAF of F5, Imperva, Fortinet, Barracuda, DenyAll and many others. All this at no additional cost.

In addition to interactive, multi-role dashboard you can get your report in PDF and XML formats. Available XML schemas are export-ready for all popular developers tools such as Jira.

All ImmuniWeb customers get unlimited access to our security analysts via ImmuniWeb Portal. You can ask questions about exploitation, remediation or any other project-related topics.

All penetration testing data is securely stored in our ISO 27001 infrastructure in Canada and Switzerland (both recognized by the European Commission as countries providing an adequate level of data protection for the purpose of GDPR). For most of the projects we automatically delete the data 90 days after report delivery. Upon request all data can be deleted at any moment.

You may create as many user accounts as practical and grant them flexible, role-based access permissions.

You can start right now, we accept all types of online payments – PayPal, Credit Cards and Bank Wire (usually takes 2-3 business days). If your project is urgent, please create a support ticket and will try to start it immediately.

Any other questions? Contact Sales

Testimonials and Customer References

Crédit Agricole next bank (Suisse) SA
eBay Classifieds Group
BDO
Haymarket Media, Inc.
Swissquote Bank SA
University Hospitals of Geneva (HUG)
Celgene
UNIRISC GROUP
SIX Group Services AG
International Telecommunication Union (ITU)
UN
Banca dello Stato del Cantone Ticino
SIM University
Arab Bank (Switzerland) Ltd.
Legal Vision
iPresent
Gartner Peer Insights
Quick Start
Products
Free Trial
Newsletter