How it works
- OWASP Mobile Security Testing Guide (MSTG)
- NIST SP 800-115 Technical Guide to Information Security Testing and Assessment
- PCI DSS Information Supplement: Penetration Testing Guidance
- MITRE ATT&CK® Matrices for Mobile and Enterprise
- FedRAMP Penetration Test Guidance
- ISACA’s How to Audit GDPR
- OWASP Application Security Verification Standard (ASVS v4.0.2) Mapping
- Common Vulnerabilities and Exposures (CVE) Compatible
- Common Weakness Enumeration (CWE) Compatible
- Common Vulnerability Scoring System (CVSS v3.1)
Most Comprehensive Mobile Penetration Testing
- Mobile Penetration Testing
- SANS Top 25 Full Coverage
- PCI DSS 6.5.1-6.5.10 Full Coverage
- OWASP Mobile Top 10 Full Coverage
- Backend Testing (REST/SOAP/GraphQL APIs)
- AI Augments Human Testing and Analysis
- Machine Learning Accelerates Testing
- Authenticated Testing (OTP / MFA)
- Business Logic Testing
- Privacy Review
- Full Customization of Testing
- Rapid Delivery SLA: contractual money-back guarantee for a delayed delivery date.
ImmuniWeb® MobileSuite Packages
ImmuniWeb® MobileSuite | Corporate Pro: Designed for mobile applications of large size and complexity, with multiple endpoints (e.g. APIs or web services) or several user roles. | Corporate: Designed for mobile applications of medium size and complexity, with several endpoints (e.g. APIs or web services) or a couple of user roles. | Express Pro: Designed for mobile applications of small size and complexity, with one or two endpoints (e.g. APIs or web services) and one user role. | Express: Designed for mobile applications of very small size and complexity, with one main endpoint (e.g. API or web service) and one simple user role. |
---|---|---|---|---|
AI-Automated Penetration Testing: Our award-winning Deep Learning AI technology accelerates and intelligently automates over 7,500 checks of your mobile application security, which usually require human labor and cannot be performed by traditional vulnerability scanners due to complexity. | 120 hours | 120 hours | 72 hours | 24 hours |
Manual Testing of Business Logic: Our CREST-accredited security experts conduct advanced security testing of your mobile application’s business logic, perform reverse engineering and exploitation of your mobile application backend (e.g. APIs or web services), and run other security and privacy checks that require human intelligence due to high complexity. | 4+ experts | 3+ experts | 2+ experts | 1 expert |
Zero False Positives SLA: Our Terms of Services provide a contractual money-back guarantee for a single false positive in your penetration testing report. | ||||
Rapid Delivery SLA: Our Terms of Services provide a contractual money-back guarantee for delayed delivery of your penetration testing report. | ||||
WAF Virtual Patching: Our technology alliances with the leading WAF vendors provide ready-to-use WAF rulesets with your penetration testing report to automatically mitigate the vulnerabilities found in the backend (e.g. APIs or web services) of your mobile application. | ||||
DevSecOps & CI/CD Integrations: Our technology alliances with the leading SIEM and DevOps vendors provide one-click vulnerability data export into your vulnerability management systems and bug trackers, as well as integration of penetration testing into your CI/CD pipeline. | ||||
24/7 Access to our Security Analysts: Our security analysts are at your disposal during and after the penetration test should you need any advice or additional information on remediation or implementation of security best practices. | ||||
Unlimited Patch Verification Scans: Unlimited patch verification scans are available for 100 days after the delivery of your penetration testing report to verify that all of the detected vulnerabilities have been properly fixed by your software developers. | ||||
Privacy Assessment: Our security experts examine widespread privacy issues and compliance failures in your mobile application. | ||||
Cross-Platform Apps Testing: The Corporate package is required for complex cross-platform applications (e.g. Xamarin Framework) as they usually require significantly more resources and human time for comprehensive testing. | ||||
Root or Jailbreak Detection Bypass: The Corporate Pro package is required if your mobile application has protection against running on rooted or jailbroken devices. | ||||
Emulator Detection Bypass: The Corporate Pro package is required if your mobile application prevents running on an emulator or must be tested on a real device. | ||||
Certificate Pinning Bypass: The Corporate Pro package is required if your mobile application uses SSL certificate pinning technology. | ||||
Code Obfuscation Bypass: The Corporate Pro package is required if your mobile application's code is obfuscated to prevent reverse-engineering. | ||||
Red Teaming Exercise: On request, our security experts may perform a Red Teaming exercise tailored to your threat landscape, emulating the tactics, techniques and procedures (TTP) of a specific cyber threat actor. | ||||
Price | $9495 — | $7495 — | $3495 — | $1495 — |