Mobile Application has grown very fast in the world nowadays. Almost everyone has a mobile device and using various applications on that device. However, the security of the mobile applications may vary as the developers and function of the application are totally different. This opens the flood gate for attackers to understand the mobile application, decompile it and find vulnerabilities that can be used to compromise the users. For this, a mobile application penetration assessment is absolutely necessary.
Following the OWASP Mobile Application Standard (Top 10), Firmus ensures that the automated and manual testing done for the mobile application is thorough and all known vulnerabilities were found and resolved. Authenticated and unauthenticated penetration testing is one of the method used by Firmus to test the mobile application. Other than that, a static and dynamic testing will be done as well. Static Assessment is done using the mobile application file before being installed on the device i.e. APK / IPA file. Where as for Dynamic Assessment, the consultants will install the mobile applications on the respective devices and try to penetrate the mobile application by interacting with it via a proxy. This is to ensure both of this areas are covered and tested before those applications are sent out to the market for the users.