App Testing

Our TAF-accredited app security testing laboratory helps find potential security vulnerabilities in apps and gives advice on vulnerability fixing to reduce information security risks.

With mobile devices becoming ubiquitous nowadays, app developers' lack of awareness of information security risks may put users at risk of data leakage or property damage. In response to this, the OWASP has identified the top 10 mobile vulnerabilities, and the Industrial Development Bureau, Ministry of Economic Affairs (IDB, MOEA) has established the “Basic Information Security Standard for Mobile Applications.” TAF-accredited testing laboratories receive test applications from app developers to ensure that their apps comply with the requirements of information security testing standards.

This service is performed by the TAF-accredited information security testing laboratory of ISSDU. The team is fully equipped in the field of information security and has rich experience in information security-related testing: "penetration testing, system and website vulnerability assessment, information security health checks, source code testing, DDoS simulation exercises," providing customers with a full range of security testing services and securing mobile apps.

TAF-Accredited Cyber Security Lab Controlling Mobile App Security for Customers

Penetration Testing's Service Advantages and Benefits

Testing by Professional Teams

Our cyber security laboratory is accredited by the TAF for three information security tests, and our team members have extensive experience in security testing along with international information security certifications to provide professional test plans and services to our customers

Enhanced User Trust and Reputation

Apps nowadays are used in multiple scenarios involving device security, money flow, and users' personal information. To ensure user trust and maintain developers' reputations, our lab conducts multiple tests on mobile app interfaces, connected servers, and app functions while ensuring accurate and safe test results

Increased App Security Level

We perform app security testing to reduce the information security risk of mobile apps, and assist customers in applying for certificates of compliance and MAS cyber security marks after obtaining test reports, enhancing the security level of apps.

Professional Test Reports and Consulting Services

We follow domestic and international security standards, and provide customers with reports and consulting services for vulnerabilities and deficiencies found during testing to help developers reduce app security risks.

Strict Standards for Testing

01 Our app testing service uses the "Basic Information Security Standard for Mobile Applications" established by the IDB, MOEA and the "Basic Information Security Testing Standard for Mobile Applications V3.2" revised by relevant units as the testing standard, and conducts analysis based on the OWASP Mobile Top 10.

02 We strictly perform testing required by customers according to the standards established by the IDB, MOEA

The Testing Standard Includes the Following Aspects​

  • Mobile app release security
  • Sensitive data protection
  • Transaction resource control security
  • Identity authentication, authorization, and connection management security
  • Mobile app code security
  • Webview security

App Testing Service Flow


Project Initiation

Confirm project requirements, test objects, and execution specifications, complete test environment inspection, and obtain legal authorization from customers.


Testing Execution

Perform customized testing according to customer needs, including for sensitive data protection, payment mechanism control, identity authentication, authorization and connection management security.


Test Reports and Certifications

Provide vulnerability reports and consulting services based on test results and assist customers in applying for certificates of compliance and MAS cyber security marks.





工業局規劃App基本資安規範,為針對非特定領域App,制定並推動國內第  一個行動應用APP基礎安全要求之資安規範,屬非強制性,以輔導自主管理取代  立法強制規範的精神,引導並鼓勵行動應用App開發商自主管理。