During a Mobile App Attack & Penetration Test, Secmentis experts attack your mobile applications from a blackbox perspective to evaluate their security.
The goal is to identify vulnerabilities in your mobile applications (e.g. Android and iOS mobile apps) and advise you on how to fix them, before malicious individuals exploit them.
Secmentis Mobile App Penetration Test services are available internationally and can be provided remotely. We provide Mobile App Penetration Tests worldwide in the Americas, Asia & Pacific, Europe, and Middle East & Africa regions.
Our Mobile App Penetration Tests are conducted from a blackbox perspective and cover the OWASP Top 10 Mobile Risks vulnerabilities. We methodically follow these steps:
Note: Our penetration tests begin only after you have given us explicit and signed authorization.
Secmentis will provide you with a report which includes the following deliverables at the end of our testing:
Get in touch with us today to understand how we can secure your Android and iOS mobile apps
“It was great working with the Secmentis team: They quickly understood our requirements and appreciated our tight deadlines, and performed very comprehensive, timely, and useful testing.”
Head of IT, (undisclosed) Internet company
“Fantastic communication, very quick turnaround for a detailed report and much more reasonably priced than the big competitors.”
Director, (undisclosed) Gaming company
“We were extremely pleased with Secmentis’ work on the penetration testing engagements. The reports created by Secmentis were very helpful and of very high quality.”
Director, (undisclosed) Social Media company
“Secmentis were very organised and quick to identify the best testing strategy for our gambling platform as per our requirements. [...] Our developers were impressed with how concise and detailed the report was.”
Director, (undisclosed) Gaming company
Ready? Find out how we can secure your Android and iOS mobile apps today
Our Mobile App Penetration Tests cover the OWASP Top 10 Mobile Risks vulnerabilities. The OWASP Mobile Top 10 methodology covers the industry-agreed most critical mobile application security flaws. These vulnerabilities are dangerous because they allow attackers to completely take over your mobile app, steal data, or prevent your mobile app from working.
We identify misuse of mobile platform features or failure to use platform security controls. We discover misuse of platform permissions, misuse of the keychain, or misuse of some other security control that is part of the mobile operating system.
We identify insecure storage of credentials on the mobile file system, inside application databases, or inside the keychain. In addition, we discover unintended data leakage originating from cached data, e.g. URLs, logging, buffer caching, etc.
We identify misuse of SSL handshaking, incorrect SSL versions, weak SSL negotiation, clear-text communication, etc.
We expose failures in the identification of users and devices, the maintenance of user and device identity within the mobile application, and weaknesses in session management.
We attempt to identify flaws in the use or absence of cryptography within the mobile applications.
We uncover failures in authorization by the mobile application where authorization is necessary, such as granting anonymous access to resources where authenticated and authorized access is required and intended.
We review the source code of mobile applications to identify code-level implementation problems and untrusted inputs, which could enable vulnerabilities such as buffer overflows, format string vulnerabilities, etc.
We discover whether misuse of and tampering with device-resident and installed mobile applications is possible, and the ways in which this could be achieved, e.g. memory patching, local resource and memory modification, method hooking, etc.
We analyze the mobile application binary files to gather information that would be visible to a malicious attacker (e.g. cryptographic information, etc.), which could be used to exploit the mobile application.
We discover extraneous functionality within the mobile application that should not appear in the public release version of the application. This may include hidden backdoor functionality left by the developers, unintended sensitive data exposure, disabling 2-factor authentication (2FA) during testing, etc.
We're ready to help you secure your mobile apps today
Our Mobile App Penetration Tests are tailor-made for your organization and custom-built Android and iOS mobile apps.
We perform thorough mobile penetration testing of Android apps based on Android platform releases 8.1.0 (code name "Oreo"), 8.0, 7.1, 7.0 (code name "Nougat"), 6.0 (code name "Marshmallow"), 5.1, 5.0 (code name "Lollipop"), and earlier versions, such as Android 4.4 ("KitKat"), etc.
We perform thorough mobile penetration testing of iOS apps based on the iOS platform and iOS SDK, such as iOS platform 11.x (for iPhone X, iPhone 8, iPhone 7, iPhone 6 and iPhone 5S), iOS platform 10.x (iPhone 7, iPhone 6S, iPhone 6, iPhone 5S, and iPhone 5), and earlier versions, such as iOS platform 9.x (for iPhone SE, iPhone 6S, iPhone 6, iPhone 5S, and iPhone 4S), etc.
We perform thorough mobile penetration testing of Windows 10 Mobile apps based on the Windows platform, such as Windows 10 Version 1803 (Windows April 2018 Update, code name "Redstone 4"), Windows 10 Version 1709 (Windows Fall Creators Update, code name "Redstone 3"), etc.
Talk to us today to find out how our experts can best help you