Mobile Application Penetration Testing

Vulnerability Assessment and Penetration Testing

for Mobile applications on Android and iOS platforms

what is

Mobile Application Penetration Testing

Mobile Application Penetration Testing is the process of evaluating the security of a mobile application by simulating the attacks an adversary might use to exploit vulnerabilities in the application. Penetration testing is an essential part of the mobile application development process because it identifies security weaknesses in the application before attackers can exploit them.

how we work

Our approach

1. Pre-engagement

In the Pre-engagement phase we'll discuss the type of testing you would like to get (Vulnerability Assessment, Penetration Testing, Automated Scan), the scope of testing, schedule, reporting, contact points and so on.

2. Security Testing

During the Security Testing phase we'll identify the Android or iOS application's weaknesses. The testing process is based on the OWASP Mobile Application Security Verification Standard (MASVS) and the OWASP Mobile Security Testing Guide (MSTG).

3. Reporting

The Reporting phase involves collecting all findings and formatting them for presentation. Depending on the agreement made in the first phase, this might be a document, a presentation, or tickets in your bug tracking system (such as JIRA). All findings will be classified by risk and severity. We'll also provide remediation guidance and development best practices to eliminate this kind of issue in the future. Download Mobile Application Sample Report.

4. Retest

In this phase we'll verify that the security fixes for the discovered issues have been implemented correctly and that the fix itself cannot be bypassed or exploited.

we provide the following

Types of Testing

Black-box

Black-box testing is conducted without the tester having any information about the app being tested. This process is sometimes called "zero-knowledge testing." The main purpose of this test is to allow the tester to behave like a real attacker, exploring what can be done with publicly available and discoverable information alone.

Gray-box

Gray-box testing is all testing that falls between the two aforementioned types: some information is provided to the tester (usually credentials only), and the rest is intended to be discovered. This type of testing is a practical compromise between the number of test cases, the cost, the speed, and the scope of testing. Gray-box testing is the most common kind of testing in the security industry.

White-box

White-box testing (sometimes called "full knowledge testing") is the total opposite of black-box testing in the sense that the tester has full knowledge of the app. That knowledge may encompass source code, documentation, and diagrams. This approach allows much faster testing than black-box testing due to its transparency, and with the additional knowledge a tester can build much more sophisticated and granular test cases.

Contact us

We'd love to find out more about your needs and prepare a tailored proposal.