Understand Your Risk With A Mobile Application Penetration Test
A mobile application penetration test is the best way to identify weaknesses within your application before an attacker exploits them. At Triaxiom we emulate the real-world attacks your organization is likely to face, quantify the resulting risks, and find weaknesses in your iOS or Android applications.
How A Mobile Application Penetration Test Helps
A mobile application penetration test includes an in-depth vulnerability assessment and penetration test on both the unauthenticated and authenticated portions of the target mobile application. Testing is based on the OWASP Mobile Security Testing Guide and Security Checklist.
Some of the questions this test will answer include:
- Can an attacker see other users' data?
- Can an attacker intercept and exploit calls from the application to the API server?
- Can a malicious user uncover any sensitive data stored locally on a mobile device?
- Does the application store sensitive information insecurely?
Our mobile application penetration testing includes:
- Static binary analysis
- Dynamic binary analysis
- Analyzing encryption and secure communication
- Identifying logic flaws and authorization bypasses
- Automated and manual tests for injection flaws on all input fields
- Identifying misconfigurations and packaging issues
- Other tests depending on specific application content and languages
Our Mobile Application Penetration Test Process
Our first step is to jump on a quick call with you and one of our lead engineers to understand your organization’s needs and to scope the penetration test. Within a few hours following this call, you will have a proposal with pricing information and next steps.
Our proposal will have everything you need to make a decision, including scope, our detailed methodology for the in-scope assessments, pricing information, and the biography of the lead engineer who will be directly involved with your assessment.
Should you choose to move forward with Triaxiom, we will provide the required contracts to get the project started. Once the contracts are signed, we will assign a project manager to your account who will work with you to schedule the kick-off call and the execution of the assessment.
On the kick-off call, we will review the Rules of Engagement document that will govern the project. It includes all project contracts, the rules the team will follow during testing, and the testing schedule, and it allows you to provide the technical details needed to facilitate your assessment.
Once we are on the same page, we will get started. While execution times vary depending on the scope, on average, most projects take one to two weeks of active testing to complete.
All of our assessments go through two rounds of Quality Assurance to ensure our reports and tests meet the highest standards. This includes a technical QA process to ensure our methodology was followed and all evidence was properly collected/analyzed. This is followed by a thorough documentation QA to ensure our reports are consistent and actionable.
Once the reports are complete, we will share them with you via our secure portal. Finally, we will hold a deliverable presentation with your team to review all findings and answer any questions you may have.
At Triaxiom Security, our primary goal is to make your organization more secure. As part of that, any findings identified during our test that you wish to remediate can be included in a one-time retest within 90 days of report delivery, free of charge. The team will validate that your remediation efforts were effective and will update the reports to reflect your heightened security posture.
Get A Mobile App Pen Test Quote
Find and fix vulnerabilities that ACTUALLY impact your business and compliance goals faster.