MOBILE APP PENETRATION TESTING

Mobile apps are unsuspecting prime targets that attackers use to breach your organization. Hackers leverage rooted Android devices and jailbroken Apple devices to strip away the security controls that natively protect your apps. Abricto Security executes the same attacks used by cybercriminals to compromise your mobile apps. We follow the OWASP Mobile Security Testing Guide to ensure the holistic security of your mobile apps and their back-end infrastructure.

Purpose

Organizations should conduct mobile app penetration tests to find and remediate vulnerabilities which compromise the security of the mobile app itself, the data that it handles, or the API that it interacts with. Penetration testing should be conducted in a dedicated testing environment, at the beginning of the deploy phase of a software development lifecycle. Once penetration testing is complete and vulnerabilities have been remediated, the app and its web services can be deployed to production.

Areas of Focus

  • Comprehensive assessments that adhere to the OWASP Mobile App Testing Framework.
  • Assessment of both the app itself and the supporting infrastructure behind it: session management, cryptography, input sanitization and more.
  • Dynamic analysis and manipulation of web API calls.
  • Manual and semi-automated static code analysis.

Deliverables

  • Comprehensive security findings report, detailing tools and methods used during testing.
  • Executive briefing to discuss business impact scenarios.
  • Technical briefing for root cause analysis and remediation of exploitable vulnerabilities.
  • Testing artifacts to allow for validation of remediation efforts.

Whether you’re developing apps for iOS or Android, a comprehensive vulnerability assessment with an in-depth penetration test will ensure the safety of your end users’ data.