A company, offering mobility services, bases their business model on an app. Within a cooperation an application penetration test of the app and the corresponding web service was requested.
assignment_ind
Our approach
The iOS app as well as the Android app was analyzed. Specially prepared smartphones and tables were used to examine the apps. With the help of an intercepting proxy, the communication to the web service was inspected and subsequently attacked.
assignment_turned_in
The added value for the customer
It was possible to identify multiple functions with authorization management issues thanks to the evaluation. Even administrative web services were insufficiently protected. The company was able to close the found vulnerabilities and then establish a cooperation with a larger business.
Um Ihnen einen optimalen Nutzen unserer Homepage und unseres Blogs zu ermöglichen verwenden wir Cookies, um die Websitenutzung auszuwerten. Wenn Sie uns dabei helfen möchten unser zu Angebot verbessern, bitten wir Sie dies zuzulassen. Weitere Informationen finden Sie in unserer Datenschutzerklärung.Ich helfe gerne und akzeptiereNein, bitte nichtDatenschutzerklärung
