Mobile Application Penetration Testing

Security Simplified consultants have the skills and experience to perform mobile application penetration testing on a wide range of mobile applications built on all modern platforms. The penetration test emulates an attack specifically targeting a mobile application (iOS and/or Android) and aims to enumerate all vulnerabilities.

Security Simplified consultants emulate an attack targeted at a mobile application (iOS and/or Android) and enumerate all vulnerabilities, ranging from binary compile issues and improper sensitive data storage to more traditional application-based issues such as enumeration or injection. The API endpoints that a target application may interact with are covered in the assessment.

Our methodology is derived from the following standards:

  • Open Web Application Security Project (OWASP) Testing Guide
  • OWASP Mobile Security Testing Guide (MSTG)
  • The Penetration Testing Execution Standard (PTES)

Our Methodology

Application Walkthrough

Open-Source Intelligence via Public Sources

Reverse Engineer Binary and Local Data Storage Analysis

Identify Business Logic and App Layer Attacks

Identify Device Layer Attacks

Identify API Interactions

OWASP, MSTG, PTES Methodology

Intercept Traffic for Attack Simulation

Attack App-Layer, API Endpoint and Network Layer

Evidence Collection

Executive Summary

Document Finding, Risk & Recommendations

Sample List of Checks

  • Authentication and Authorization
  • Data Storage and Privacy
  • Platform Interaction
  • Code Quality and Build Settings
  • Architecture, Design and Session Management
  • Network Communication

Reporting

  • Executive summary for the management
  • Vulnerability dashboard for the project team
  • Technical report for the development team
  • Vulnerability description, root cause, impact and remediation steps
  • Reporting and risk rating matrix based on OWASP standards

Want to work with us?

Do you need help finding information or want to know more about what Security Simplified services can do for you?


Copyright @2022 Security Simplified Limited