Mobile Application Security Testing tests Android and/or iOS apps and the web services/APIs they interact with.
Testing involves automated and manual evaluations of one or more apps to ensure they provide protection against abuse of your data. We use industry-standard tools to carry out automated scans looking for well-known vulnerabilities, and we also conduct manual testing to find vulnerabilities and attack vectors not otherwise detectable by automated tools.
This is more than a simple vulnerability assessment. We actively attempt to circumvent security controls by carrying out exploits that take advantage of discovered vulnerabilities, revealing what an adversary would be able to do. During testing, we look for any method that can violate the CIA Triad security model (confidentiality, integrity, availability).
The purpose of testing is to enumerate your exposure (within the given time constraints), identify and verify as many vulnerabilities as possible, ensure the security of your app is strong, and then provide actionable solutions to help you protect against attack/compromise. For example, we use industry-standard tools and techniques to look for well-known/unpatched vulnerabilities that allow an attacker to gain access to carry out remote code execution, privilege escalation, circumventing intended controls, gain access to sensitive data, etc.
In most cases, we will leverage the discovered vulnerabilities to (1) verify it is exploitable and (2) determine the exposure, should it be breached. The testing is largely centered around the OWASP Mobile Security Testing Guide, but also includes our internal/proprietary methodologies.
View our Sample Findings and Recommendations Report to see the level of detail PEN Consultants provides in our report.
In order to keep our testing prices low, we’ve removed certain services that not every client requests. You only pay for the following services you need.