Mobile application security testing

More than half of the world’s web traffic now comes from mobile devices. Ensure your mobile applications are secure.

As smartphone and tablet use increases, so does our use of mobile applications. With over 25% of apps containing at least one high-risk vulnerability, mobile application security testing is more important than ever.

Flaws within mobile apps can cause issues not only for the individuals using them but also for the application's owners and developers. Data exfiltration is a key concern, and it can have a knock-on effect on your organisation's finances and reputation.

Methodology

We categorise mobile applications into two areas:

  • Web service/API-based applications, which rely on a back-end service that any compatible client interface can call.
  • Native applications, which are developed for a specific platform such as iOS or Android.

Our assessment includes both the client and server elements used by the mobile app, in accordance with the OWASP mobile assessment framework.

For web service/API assessment, we perform a web application penetration test, in line with the OWASP application testing standard.

We identify the web service endpoints and assess privilege escalation opportunities, error handling problems, injection flaws, broken access controls, and other web application threats.

The application is further analysed to determine what information is stored locally on the device and could be recovered from a stolen device or malicious third-party applications.

The subsequent review of cached information checks for sensitive data in clear text, as insecure local storage is a concern if the device is lost or stolen.

Reverse engineering the application helps identify any sensitive information such as encryption keys, hard-coded database credentials, server IP addresses, or default credentials left behind by the developers within the binary.
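The two checks described above (cleartext sensitive data in local storage, and hard-coded secrets recoverable from the binary) are the kind of thing a development team can also run on itself before release. The script below is an added illustration, not Cognisys's tooling or part of this page's methodology: it scans a constructed Android SharedPreferences file for sensitive keys stored in clear, and a constructed list of strings (as extracted from an app package) for well-known secret shapes. All sample content, file names and patterns are assumptions chosen for the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample SharedPreferences file, shaped like one recovered from a
# device backup. Values are invented for the example.
SAMPLE_PREFS_XML = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="username">alice</string>
    <string name="session_token">eyJhbGciOiJIUzI1NiJ9.example.payload</string>
    <string name="theme">dark</string>
    <string name="password">hunter2</string>
</map>
"""

# Constructed sample of printable strings extracted from an app binary.
# "AKIAIOSFODNN7EXAMPLE" is AWS's documented placeholder key id, not a real key.
SAMPLE_BINARY_STRINGS = [
    "https://api.example.invalid/v1/login",
    "AKIAIOSFODNN7EXAMPLE",
    "jdbc:mysql://10.0.0.12:3306/prod?user=app&password=Sup3rSecret",
    "-----BEGIN RSA PRIVATE KEY-----",
    "Welcome back",
]

# Preference keys whose values should never be stored in clear text.
SENSITIVE_KEY_RE = re.compile(r"(pass(word)?|pwd|secret|token|api[_-]?key|auth)", re.I)

# Shapes of secrets that commonly get left in binaries (assumed, illustrative set).
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "jdbc_credentials": re.compile(r"jdbc:[a-z]+://\S*password=", re.I),
    "hardcoded_ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}


def find_cleartext_prefs(xml_text):
    """Return (key, value) pairs where a sensitive-looking key holds a non-empty cleartext value."""
    root = ET.fromstring(xml_text)
    hits = []
    for node in root:
        name = node.get("name", "")
        value = (node.text or "").strip()
        if value and SENSITIVE_KEY_RE.search(name):
            hits.append((name, value))
    return hits


def find_hardcoded_secrets(strings):
    """Return (pattern_name, string) pairs for every string matching a known secret shape.

    A single string can match more than one pattern (e.g. a JDBC URL that also
    embeds an IP address), and each match is reported separately.
    """
    hits = []
    for s in strings:
        for label, pattern in SECRET_PATTERNS.items():
            if pattern.search(s):
                hits.append((label, s))
    return hits


def report():
    """Run both checks over the constructed samples and return a summary dict."""
    return {
        "cleartext_prefs": find_cleartext_prefs(SAMPLE_PREFS_XML),
        "hardcoded_secrets": find_hardcoded_secrets(SAMPLE_BINARY_STRINGS),
    }


if __name__ == "__main__":
    for section, findings in report().items():
        print(f"== {section} ({len(findings)} finding(s)) ==")
        for label, value in findings:
            print(f"  {label}: {value}")
```

In a real pipeline the XML would come from the app's own data directory on a test device and the string list from the unpacked package, and a non-empty result would fail the build. The remediation the findings point to is the one the page's deliverable would recommend: keep tokens and passwords in the platform keystore rather than preferences, and move keys, database credentials and server addresses out of the binary into server-issued, per-install configuration.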

The final deliverable contains detailed recommendations to help developers remediate the issues identified during the assessment. Where a problem cannot be quickly remediated, mitigation strategies will be presented, depending on the environment where the application is implemented.

Mobile application testing service overview

Testing typically covers:

  • Static analysis
  • Network traffic analysis
  • Authentication and authorisation review
  • Tampering and reverse engineering
  • Storage mechanism
  • Web service/API analysis

Contact: info@cognisys.co.uk

Leeds office: 5 Park Place, Leeds, LS1 2RU

Manchester office: The Sharp Project, Thorpe Road, Manchester, M40 5BJ
