The primary goal of testing mobile applications and supporting infrastructure is to evaluate an attacker's ability to gain access to sensitive data or attack an organization via the application(s). This type of test is typically conducted in a testing environment on Android, iOS, or both.
Secure Ideas will first evaluate the security aspects of the target mobile applications and infrastructure based on various industry standards as discussed with the client during detailed scoping discussions. We will then identify vulnerabilities and security flaws in each of the mobile applications in scope, with particular attention to the client-side implementation.
From there, we will determine whether information stored on mobile devices by the client’s mobile application is sensitive in nature or could be used to bypass authentication to the client’s infrastructure. The final step of a mobile application penetration test is to exploit weaknesses in the mobile applications that an attacker could use to access sensitive information or obtain unauthorized access, and to provide best-practice guidance for the application and its features. Finally, we will provide detailed recommendations for security controls and remediation steps that can improve the security of the mobile applications or mobile web service.