Mobile Application Penetration Testing

Mobile Application have grown very fast in the world nowadays. Almost everyone has a mobile device and uses various applications on that device. However, the security of the mobile applications may vary as the developers and functions of the applications are totally different. This opens the floodgates for attackers to understand the mobile application, decompile it, and find vulnerabilities that can be used to compromise the users. For this, a mobile application penetration assessment is absolutely necessary.

Following the OWASP Mobile Application Standard (Top 10), FIRMUS as a CREST penetration testing provider ensures that the automated and manual testing done for the mobile application is thorough and all known vulnerabilities are found and resolved. Authenticated and unauthenticated penetration testing is one of the method used by FIRMUS to test the mobile application. Other than that, a static and dynamic testing will be done as well. Static Assessment is done using the mobile application file before being installed on the device, i.e. APK / IPA file. Where as for Dynamic Assessment, the consultants will install the mobile applications on the respective devices and try to penetrate the mobile application by interacting with it via a proxy. This is to ensure both of these areas are covered and tested before those applications are sent out to the market for the users.