Mobile Application Testing

More than half of the world’s web traffic now comes from mobile devices. Ensure your mobile apps are secure.

As smartphone and tablet use increases, so does our use of mobile applications. With over 25% of apps containing at least one high-risk vulnerability, security testing is more important than ever.

Flaws within mobile apps can cause issues not only for the individuals using them but also for application owners and developers. Data exfiltration is a key concern, which could have a knock-on effect on your organisation’s finances and reputation.

Reference: https://cybersecurity.asee.co/blog/mobile-app-statistics-to-keep-an-eye-on/ 

Methodology

We categorise mobile applications into two areas:

  • Web service/API-based applications, which are responsive to compatible interfaces.
  • Native applications, which are developed for a specific platform, i.e. iOS and Android.

Our assessment includes both the client and server elements used by the mobile app, in accordance with the OWASP mobile assessment framework. 

For web service / API assessment, we perform a web application penetration test, in line with the OWASP application testing standard.

We identify the web service endpoints and assess privilege escalation opportunities, error handling problems, injection flaws, broken access controls, and other web application threats.

The application is further analysed to determine what information is stored locally on the device and could be recovered from a stolen device or by malicious third-party applications.

The subsequent review of cached information checks for sensitive data in clear text, as insecure local storage is a concern if the device is lost or stolen.

Reverse engineering the application helps identify any sensitive information such as encryption keys, hard-coded database credentials, server IP addresses, or default credentials left behind by the developers within the binary.

The final deliverable contains detailed recommendations to help developers remediate the issues identified during the assessment. Where a problem cannot be quickly remediated, mitigation strategies will be presented, depending on the environment where the application is implemented.

Overview

Testing typically covers:

  • Static analysis.

  • Network Traffic Analysis.

  • Authentication and Authorisation review.

  • Tampering and Reverse Engineering.

  • Storage Mechanism.

  • Web Service/API Analysis.

“It was obvious, very quickly, that the Cognisys team knew exactly what they were doing. The speed that they uncovered some major issues justified our selection of them. I’d be more than happy to recommend them.”

Dan Mitchell

Head of IT – Clarion Solicitors

Alex Martin

Cyber Security Expert
01422 416000