Quality. Simplicity. Speed.
How it works
- Configure and schedule
your pentest in a few clicks
- Get your pentest report
and re-test at no cost
- Receive your pentest
Mobile Penetration Test for Any Need
Mobile App Security
Static, dynamic and interactive
security testing with SCA
Mobile Backend Security
Comprehensive testing of
mobile app’s endpoints
Privacy and Encryption
Detailed analysis of privacy
and encryption problems
Black & White Box
Authenticated (including MFA/SSO)
or Black Box testing
Open Source Security
Software Composition Analysis (SCA)
tests for 20,000+ known CVE-IDs
Breach and attack simulation per
MITRE ATT&CK® Mobile
Proven Methodology and Global Standards
- OWASP Mobile Security Testing Guide (MASTG)
- NIST SP 800-115 Technical Guide to Information Security Testing and Assessment
- PCI DSS Information Supplement: Penetration Testing Guidance
- MITRE ATT&CK® Matrices for Mobile and Enterprise
- FedRAMP Penetration Test Guidance
- ISACA’s How to Audit GDPR
- OWASP Application Security Verification Standard (ASVS v4.0.2) Mapping
- Common Vulnerabilities and Exposures (CVE) Compatible
- Common Weakness Enumeration (CWE) Compatible
- Common Vulnerability Scoring System (CVSS v3.1)
Many Other "High" Risk Vulnerabilities
Cross-Site Scripting (XSS)
Insecure Cryptographic Storage
Improper Access Control
Cross-Site Request Forgery (CSRF)
Improper Error Handling
Broken Authentication and Session Management
CWE-190: Integer Overflow or Wraparound
CWE-502: Deserialization of Untrusted Data
CWE-287: Improper Authentication
CWE-476: NULL Pointer Dereference
API1: Broken Object Level Authorization
API3: Excessive Data Exposure
API5: Broken Function Level Authorization
API7: Security Misconfiguration
API9: Improper Assets Management
API2: Broken User Authentication
API4: Lack of Resources & Rate Limiting
API6: Mass Assignment
API10: Insufficient Logging & Monitoring
ImmuniWeb® MobileSuite Setup and Packages
1 Configure and schedule
your pentest in a few clicks
2 Get your pentest report
and re-test at no cost
3 Receive your pentest
| ImmuniWeb® MobileSuite |
Packages for any need
Designed for mobile application of large size and complexity, with multiple endpoints (e.g. APIs or web services) or several user roles.
Designed for mobile application of medium size and complexity, with several endpoints (e.g. APIs or web services) or a couple of user roles.
Designed for mobile application of small size and complexity, with one or two endpoints (e.g. APIs or web services) and one user role.
Designed for mobile application of very small size and complexity, with one main endpoint (e.g. API or web service) and one simple user role.
| OWASP MASVS Testing |
Our combination of AI technology and CREST-accredited security experts covers OWASP MASVS Levels 1-2 testing requirements.
|Level 2||Level 2||Level 1||Level 1|
| OWASP ASVS Testing |
Our combination of AI technology and CREST-accredited security experts covers OWASP ASVS Levels 1-3 testing requirements.
|Level 3||Level 2||Level 1||Level 1|
| Manual Penetration Testing |
Our CREST-accredited security experts conduct advanced security testing of your mobile application’s business logic, perform reverse engineering and exploitation of your mobile application backend (e.g. APIs or web services), and run other security and privacy checks that require human intelligence due to high complexity.
|5 days||5 days||3 days||1 day|
| Report Writing |
The assessment report can be viewed or downloaded during the next 100 days following the Security Assessment completion.
|8 hours||4 hours||2 hours||1 hour|
- OSINT Search of Stolen Credentials
- Mobile Penetration Testing
- SANS Top 25 Full Coverage
- PCI DSS 6.5.1-6.5.10 Full Coverage
- OWASP Mobile Top 10 Full Coverage
- Backend Testing (REST/SOAP/GraphQL APIs)
- AI Augments Human Testing and Analysis
- Machine Learning Accelerates Testing
- Authenticated Testing (OTP / MFA)
- Business Logic Testing
- Full Customization of Testing
- Rapid Delivery SLA Money back
Contractual money-back guarantee for a delayed delivery date.
- Privacy Review
- Threat-Aware Risk Scoring
- Step-by-Step Instructions to Reproduce
- Web Interface, PDF and XML Formats
- Tailored Remediation Guidelines
- PCI DSS and GDPR Compliances
- CVE, CWE and CVSS Scores
- OWASP MASVS Mapping
- Zero False-Positives SLA Money back
Contractual money-back guarantee for one single false positive.
- Unlimited Patch Verifications
- 24/7 Access to Our Security Analysts
- DevSecOps & CI/CD Tools Integration
- One-click Virtual Patching (Backend)
- Multirole RBAC Dashboard with 2FA
- Penetration Test Certificate
Trusted by 1,000+ Global Customers
ImmuniWeb provides accurate assessment on the security posture of our cloud-based applications. The report provided is concise and easy to read with sound advisories on the necessary steps to fix the issues. What impressed me most was that no false positive was listed and the vulnerabilities are real. ImmuniWeb certainly gives us the right level of assurance that our cloud-based applications are safe and "good-to-go" before we deploy them out to production
Lee Chye Seng
Director, Learning Systems and Applications
ImmuniWeb is a great innovative service that brings unbeatable ROI. It is undoubtedly the best way to quickly and easily guarantee your customers that their data is safe with you - and yours too by the way! Efficient and effective!
Head of IT
ImmuniWeb is an invaluable tool for iPresent with both automated and manual penetration testing. The fantastic manual testing has found even the most hidden and complicated bugs in our security and ImmuniWeb has delivered first class knowledge. The self-service interface also gives us great control to schedule and monitor tests when we need them
Chief Technical Officer
ImmuniWeb is an efficient and very easy-to-use solution that combines automatic and human tests. The results are complete, straightforward and easy to understand. It’s an essential tool for the development of the new digital activities
ImmuniWeb is the best and simplest way to secure your business online. It's really fantastic experience to get report with zero false positive with detailed actions how to resolve problems and remove vulnerabilities. I think ImmuniWeb is definitely the best alternative to pen testers. As well as a way to save on staff and other costs. I am glad that I can get it all without any hidden costs and without complicated licensing schemes
Senior Information Security Officer
We believe ImmuniWeb platform would definitely address the common weaknesses seen in manual assessments. The AI-assisted platform not only automates the assessments, but also, executes them in a continuous, consistent and reliable fashion. Admittedly, the platform would definitely add quick wins and great ROI to its customers on their investment.
Information Security Officer
Why Choosing ImmuniWeb® AI Platform
Feel the difference. Get the results.
Frequently Asked Questions
- QDo I need two packages for iOS and Android versions of the same app?ANormally yes, however, the second package will be offered with a 50% discount. Recurrent penetration testing of the same mobile app also has special discounts. Please get in touch with us to learn more and get a custom quote for your mobile security testing needs.
- QHow can customize my mobile pentesting requirements?AAt the first step of project creation, you can easily configure special requirements for mobile penetration testing. For example, you can select authenticated (White Box) testing with 2FA/SSO if you mobile app supports authentication, try some specific attack vectors, such as extracting protected content or activate features that are only available to premium users.
- QWhat is the difference between the packages?APackages (from right to left) include gradually more human time and other resources that will be allocated for the penetration test. Generally, the bigger your scope is, the bigger package you need to comprehensively test your mobile application and its backend for all know vulnerabilities and attack vectors. Please reach out to us for a quote tailored for your specific needs and scope.
- QCan you test mobile applications built with Xamarin or Flutter?AYes, we can test applications built with any mobile frameworks or technologies. However, complicated cross-platform frameworks, such as Xamarin and Flutter, impose additional challenges that usually require supplementary resources and human time for comprehensive testing of the application. Therefore, the minimum required package for those frameworks is MobileSuite Corporate.
- QHow are you different from other penetration testing companies?AImmuniWeb® MobileSuite leverages our award-winning Machine Learning technology for acceleration and intelligent automation of laborious and time-consuming testing tasks and processes, eventually saving a considerable amount of human time on our side. Eventually, compared to traditional penetration testing, you may expect to get your penetration testing report much faster and to get higher vulnerability detection rate, as our security experts will spend their valuable time to meticulously reverse engineer your application and try the most sophisticated attack vectors instead of wasting time on routine or automatable security checks.
Mobile Application Penetration Testing
Best Value for Money
Many of our mobile security experts started mobile penetration testing with the first version of iPhone over a decade ago. Today, ImmuniWeb pioneers mobile application penetration testing market with ImmuniWeb® MobileSuite that combines all-inclusive security, privacy and compliance testing of a mobile app and its backend.
Being well familiar with all the hurdles of a traditional mobile application penetration testing, we have been designing and continuously improving our offering to make it both cost-efficient and easily consumable.
Our award-winning Deep Learning AI technology accelerates and intelligently automates a wide spectrum of laborious security checks and tests that usually require many hours of expensive and unscalable human work. On top of our unique technology, our mobile security experts and CREST-accredited penetration testers conduct the most sophisticated security tests spanning from reverse engineering of mobile app defense solutions to sophisticated exploitation of business logic flaws or chained vulnerabilities in iOS or Android apps.
This hybrid approach consolidates the best of AI technology and human genius, delivering the most inclusive but rapid and price-wise service to our customers and partners. Prominent industry analysts from IDC, Forrester and Gartner mentioned the advantages of ImmuniWeb technology compared to fully automated mobile application security testing or human-driven mobile penetration testing assisted with fairly primitive mobile vulnerability scanners.
Importantly, our mobile application penetration testing is fully equipped with all possible DevSecOps integrations to facilitate vulnerability remediation by software developers.
Our packages include holistic and in-depth security and privacy testing both of the mobile application and its endpoints such as APIs and Web Services, effectively combining web and mobile security.
Our pricing outshines traditional penetration testing, heavily based on unscalable and thus expensive manual labor. While our unbeatable quality of testing overshadows automated mobile security testing tools by the number of detected security vulnerabilities and privacy risks.
Our award-winning hybrid approach consolidates the very best of Artificial Intelligence and human genius, eventually making human ingenuity both scalable and cost-efficient.