Mobile Application Penetration

A Mobile Application Assessment (MAA) provides in-depth manual and dynamic (run-time) analyses of Android/iOS devices and applications, irrespective of source-code availability, following the OWASP Mobile Security Testing Guide (MSTG) and OWASP Mobile Application Security Verification Standard (MASVS) methodologies. Using the same tools and techniques as real attackers in addition to our own, we’ll test your mobile applications for the OWASP Top 10 Mobile Risks.

When conducting an MAA as a Hybrid Application Assessment (HAA), we’ll leverage the source code provided to validate and locate vulnerabilities. If source code isn’t available, the team will attempt to reverse engineer the application’s binary to partially reconstruct an application’s source code and attempt to identify security vulnerabilities.

Methodology

We have adopted a hybrid approach for application penetration testing, wherein we follow the OWASP methodology and build custom test cases around the business logic that varies from client to client. This penetration testing approach helps us ensure thorough end-to-end security.

Mobile Application Assessment highlights

Deeper than a pen test

Our methodology uses both binary and file-level analysis to find hard-to-discover vulnerabilities, going far deeper than a typical penetration test.

OWASP Top 10

We test for Improper Platform Usage, Insecure Data Storage, Insecure Communication, Insecure Authentication, Insufficient Cryptography, Insecure Authorization, Client Code Quality, Code Tampering, Reverse Engineering, and Extraneous Functionality.

API security

Our team also inspects the application’s API and dynamically instruments the application’s binary to identify issues in the business logic.

Common vulnerabilities

Common vulnerabilities we discovered in the past

  • Poor Code Obfuscation
  • Excessive Information Leakage
  • Insecure Communication
  • Insecure Data Storage
  • Remote Code Execution
  • SQL Injection
  • Source Code Leakage
  • Broken Authentication
  • Broken Session Management
  • Broken Access Control

Gain expert visibility into mobile risks so you can keep data private and secure.

Simulate Attacks and Assess Your Security Posture

Assessment is the first step to securing your mobile application environments. Our team of experienced pentesters puts the full spectrum of your application under the microscope, covering runtime patches, network interception, filesystem storage, device keystore storage, binary reverse engineering, and server-side testing.

Strengthen Compliance and Governance

We’re your partner in supporting your governance and compliance programs. Many regulatory requirements and internal policies mandate manual testing of your mission-critical apps. With deep expertise in mobile platforms, we’ve got you covered.

Discover Vulnerabilities with Advanced Analysis

By combining binary and file-level analysis, we identify difficult-to-find vulnerabilities. Notably, we test for the OWASP Top 10 Mobile Risks including Improper Platform Usage, Insecure Data Storage, Insecure Communication, Insecure Authentication, and more.

Benefit from Cutting-edge Mobile Assessment Tools and Technology

Our team uses advanced technology to create and use virtual devices when conducting our assessments. Our approach is highly efficient, maximizing testing time rather than configuring and managing physical mobile devices.

Expose All Attack Vectors in Mobile Apps

We go beyond testing communications and a mobile app’s artifacts. We’ll also reverse engineer an application’s binary to find and exploit high-severity security issues. Plus, we test the application’s API and dynamically instrument the binary to identify issues in the application’s business logic.

Operationalize Findings with Actionable Reports

Our high-quality reporting goes above and beyond static risk ratings and generic scoreboards. In addition to being fully customized to your application, your organization, and your desired outcomes, our reports offer actionable security guidance.
