Mobile Application Penetration Testing
Benefits of a mobile application penetration test
- Find sensitive information on mobile devices
The device is assessed to ascertain whether suitable security measures have been taken to protect sensitive information in the event that devices with the application are stolen or fall into the wrong hands.
- Assess API security
We will identify any unauthorized access to data through the APIs that the mobile device uses, and determine whether suitable protection has been applied to secure communications between the device and the service.
- Discover sensitive information in app diagnostics log data
Crash reporting and app diagnostics services will be analyzed to identify personal and sensitive data that could have been included in diagnostics data, which could violate GDPR and other data protection regulations.
- Ensure correct app permissions
Device components that the app uses, such as the camera, microphone and clipboard, will be examined to determine whether the app's access to them is appropriate.
Our approach to mobile application penetration testing
Our specialist penetration testers use a combination of automated and manual testing to assess iOS and Android applications. The OWASP Mobile Security Guide and eWPT methodologies are used together with our own proprietary methodology and checks. These extend to cover privacy concerns.
Mobile security testing includes:
- OWASP Mobile Top Ten checks
- Authentication and session implementation
- Static analysis of the application binary
- Jailbreak detection
- Broken access control
- SSL pinning countermeasure
- Testing the APIs for injection
Frequently asked questions.
Do you test iOS and Android applications?
Yes. Our penetration testing labs are set up for Apple (iOS) and Android environments, so we can test applications on both platforms.
Do you test the user sign up process?
We will test the self-registration process and the account verification process to give you and your customers confidence in your security.
Is the application reverse engineered?
We will reverse engineer the application, where we can look for evidence of how the application has been developed and also for hardcoded sensitive information, such as API keys and credentials.