Mobile App Security Testing

Ideally, just the mobile app. At Apptrusty, we believe in mimicking real-life attackers: they have access only to your app's binaries, and ideally that is all we expect from you. Once we are formally and professionally engaged to pentest your mobile app, we do ask a few questions, such as those below.

There are a few more questions besides those above that relate to your application's business functionality. We map all of this into a threat model of your application and use it to decide how to perform the vulnerability assessment and penetration testing. Once the app is mapped, we follow a methodical, technical and systematic approach to the penetration test. While we use the detailed OWASP Mobile Top 10 model, the testing is broadly categorized into static analysis (data at rest) and dynamic analysis (data in transit). Please check this page to see how it is done.


Testing Security Of Your Mobile App

Mobile apps are not static. They make calls to payment gateways, social media and other external services, and we need to know about those to test your app accurately.

App Binaries

We need the app binaries for testing: Android (.apk), iOS (.ipa) and Windows (.xap).

Backend Details

We need to know whether your app makes calls to backend web services or a REST API stack.

Social Media

We need details on whether and how your app makes calls to social media portals such as Facebook.

Payment + Wallet

If your app makes calls to payment gateways or money wallets, we need to know that.

Typical Vulnerabilities In Mobile Apps

  • PhoneGap Apps
  • Ionic
  • Xamarin
  • Native

Flexible service offerings

To suit your organization's size and needs

Basic

  • Vulnerability Assessment
  • Data at Rest testing
  • Data in Transit testing
  • Detailed Technical Report
  • Compliance (Optional)


Mid Size

  • Vulnerability Assessment
  • Data at Rest testing
  • Data in Transit testing
  • Detailed Technical Report
  • Compliance Checks (PCI DSS/HIPAA)

Enterprise

  • Vulnerability Assessment
  • Data at Rest testing
  • Data in Transit testing
  • Detailed Technical Report
  • Compliance Checks (PCI DSS/HIPAA)
  • Compliance Certificate