Mobile Application Testing

Our advanced penetration testing improves your security and keeps you in control.


What is Mobile Application Testing?

Android & iOS

More than half of the world's web traffic now comes from mobile devices.

Make sure your mobile application is protected through penetration testing.

Mobile devices are an attractive platform for developing applications for all sectors of the industry. Because of their ease of use and handling of sensitive user information, a Mobile Application Assessment is an essential exercise, designed to keep threat actors away.

Cognisys discover new attack vectors and threats against mobile devices and the apps that have been designed to run on them, every single day.

Mobile applications are a daily part of life and it’s our job to find the security gaps before anybody else does.

Our Approach to Mobile Application Pen Testing

We categorise mobile applications into two areas:

• Web service / API-based applications, which are responsive for compatible interfaces

• Native applications, developed only for a specific device platform

Our experience involves testing on the following platforms:

• iOS (Apple iPhone, iPad)

• Windows Phone


What Mobile App Penetration Testing Involves


Our assessment includes both the client and server elements utilised by the mobile app and our methodology is in line with the OWASP mobile assessment framework.

For web service / API assessment, we utilise our web application penetration testing methodology, in line with the OWASP application testing standard.

Our testing team also analyse the network communication protocols to ensure they follow best practices regarding the confidentiality and integrity of data in transit.

We will identify the web service endpoints and assess the parameters to identify privilege escalation opportunities, error handling problems, injection flaws, broken access controls, and other web application threats.

The application is evaluated with a manual walkthrough designed to identify functionality and key areas to focus on.

The application is further analysed to determine what information is stored locally on the device and could be recovered from a stolen device or via malicious third-party applications. The subsequent review of this cached information ensures that it stores no sensitive data in clear text, as insecure local storage is a concern if the device is lost or stolen.

Reverse engineering the application helps to identify any sensitive information such as encryption keys, hardcoded database credentials, server IP addresses, or default credentials left behind by the developers within the binary.

The final deliverable contains detailed recommendations to help developers remediate the issues identified during the assessment. Where an issue cannot be quickly remediated, mitigation strategies will be presented, depending on the environment where the application is implemented.


The assessment commences, utilising manual and automated techniques. The following high-level areas are included within the assessment:

• Static analysis

• Network Traffic Analysis

• Authentication and Authorisation review

• Tampering and Reverse Engineering

• Storage Mechanism

• Web Service / API Analysis


The assessment is documented in a simple, easily digestible format.


“It was obvious, very quickly, that the Cognisys team knew exactly what they were doing. The speed that they uncovered some major issues justified our selection of them. I’d be more than happy to recommend them.”

Dan Mitchell

Head of IT – Clarion Solicitors
