Mobile Application Penetration Test

What is a Mobile Application Penetration Test?


A mobile application penetration test emulates an attack specifically targeting a custom mobile application (iOS and/or Android) and aims to enumerate all vulnerabilities within an app, ranging from binary compilation issues and improper sensitive data storage to more traditional application-based issues such as username enumeration or injection.

We perform a series of in-depth static and dynamic binary analyses and validate encryption and secure communication protocols. Additionally, we explore the target application for vulnerabilities that cannot be found by automated means, such as business logic flaws. For the best results, we develop custom test cases to probe the application and find the faults before the bad guys do.

All of our mobile application security testing is benchmarked against the industry-recognised Open Web Application Security Project (OWASP) Mobile Security Testing Guide.


Did You Know?

  • 42% of small businesses currently have a mobile app, with 30% planning to build one in the future.

  • 85% of companies say that their organisation is at moderate risk when it comes to mobile threats.

  • On average, 45% of vulnerabilities discovered during dynamic binary analysis result in information leaks.

  • According to the 2016 State of Application Security report by SANS, 90 percent of the apps tested in the app stores had at least two critical security vulnerabilities.

  • Our Mobile Application Penetration Test service can be used to ensure compliance with PCI DSS requirement 11.3 (penetration testing) as it includes both network and application layer testing.

Why Choose BlackBug?


Having your web applications exposed to the world gives employees the flexibility and mobility to work remotely, but at the cost of allowing an attacker to compromise them from anywhere in the world.

Our Mobile Application Penetration Tests help identify weaknesses in your application development and deployment, and provide benefits including:

  • Validating that your application stores sensitive information securely
  • Assessing whether attackers can intercept and exploit calls from the mobile application to various API endpoints
  • Determining if an attacker can access sensitive data stored locally on the mobile device
  • Determining the access paths an attacker can follow if they gain access to your web application
  • Discovering business logic flaws that could lead to the theft of sensitive data

Our consultants are highly skilled penetration testers who can test your mobile applications for misconfigurations, carry out exploits and attacks in a safe and controlled manner, and advise, without the technical jargon, on appropriate remedial measures to make sure that your airwaves are secure.

By building on industry-recognised testing standards, such as the Open Web Application Security Project (OWASP) Mobile Security Testing Guide, we ensure that our assessments deliver the right balance of breadth and depth to allow you to feel confident about your application security.