There are few more questions besides above, which are relevant to your application's business functionality. We map all this to do threat modeling of your application and figure out how to perform the vulnerability assessment and penetration testing. Once the app is mapped, we employ a very methodical, technical and systematic approach to perform penetration testing. While we use the detailed OWASP-Mobile-Top-10 model , the testing is broadly categorized into static analysis (data at rest) and dynamic analysis (data in transit) . Please check this page to know how it is done .
To suite your organization's size and needs