Mobile Application Testing

A mobile application security assessment is a must-do exercise: it gives you a clear picture of the weaknesses in your applications so that malicious users can be kept away from your infrastructure.


Overview

Mobile applications usually fall into one of two categories: a web-based application that is responsive to mobile devices and offers a compatible interface, or a native mobile application developed for mobile devices only.

For the former, the web application methodology is used to identify risks related to the application under review. If any web service endpoints are in use, these are also taken into consideration. In the case of a native mobile application, a different approach is taken because of the nature of the installers and the underlying development. Not only is mobile application testing performed in this case, the mobile device itself is also reviewed in order to attempt the retrieval of any residual data.

Any information found stored locally on the device is then checked for the encryption scheme applied to it, and, within the organisation's agreed scope of work, assessed further for how that information could be used.

We have a dedicated security assessments FAQ section. Read it here.

Why do you need Mobile Application Testing?

A mobile application security assessment is a must-do exercise: it gives you a clear picture of the weaknesses in your applications so that malicious users can be kept away from your infrastructure. Similarly, assessing internal web applications is necessary to avoid leakage of information and unauthorised access to data, and to avoid potential damage caused by introducing insecure code.

Methodology

API Analysis

Modern applications (including mobile ones) rely on APIs for their features and functionality. Once the API endpoints are identified, during both network and static analysis, they are assessed further. Weak API endpoints can lead to trivial functionality bypasses or, sometimes, to potential denial of service scenarios.

Storage mechanism

We analyse how the app behaves at run time in terms of data storage. The file storage mechanism is examined to ensure that data retained on the device after the app is terminated is handled in line with best practice. Clear-text data, or data protected by a weak encryption mechanism, is considered a fail. The stored data is also tampered with to ensure that no vulnerabilities are exposed when the app is relaunched.
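The tampering check described above has a defensive counterpart: an app that authenticates its own stored data can detect an edited file on relaunch instead of trusting it. The following is an added example written for this page, not Defendza's code or tooling. It keeps preferences as JSON with an HMAC-SHA256 tag; the key is assumed to come from the platform keystore and is a constructed constant here only so that the script runs stand-alone. `tamper()` is a constructed helper that simulates the on-device file being edited.

```python
"""Detect tampering of app data retained on the device between launches.

Added example (not Defendza's code). The app serialises its preferences as
canonical JSON and stores an HMAC-SHA256 tag beside it. On relaunch the tag
is verified before any stored value is trusted.
"""
import hashlib
import hmac
import json
from typing import Optional

# Assumption: in a real app this key is fetched from the platform keystore
# (Android Keystore / iOS Keychain); it is a constructed constant here only
# so the example runs offline. Never ship a key as a constant in the binary.
STORAGE_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
)


def _canonical(prefs: dict) -> str:
    # Sorted keys and fixed separators give one byte sequence per value set,
    # so the tag does not depend on formatting.
    return json.dumps(prefs, sort_keys=True, separators=(",", ":"))


def seal(prefs: dict, key: bytes = STORAGE_KEY) -> str:
    """Serialise prefs and attach an HMAC tag over the canonical JSON body."""
    body = _canonical(prefs)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag})


def load(blob: str, key: bytes = STORAGE_KEY) -> Optional[dict]:
    """Return the stored prefs, or None if the blob is malformed or tampered."""
    try:
        outer = json.loads(blob)
        body, tag = outer["body"], outer["tag"]
    except (ValueError, KeyError, TypeError):
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    # compare_digest is constant-time, so the comparison leaks no tag bytes.
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(body)


def tamper(blob: str, field: str, value) -> str:
    """Constructed helper: edit one field in the stored body, leaving the tag."""
    outer = json.loads(blob)
    prefs = json.loads(outer["body"])
    prefs[field] = value
    outer["body"] = _canonical(prefs)
    return json.dumps(outer)


if __name__ == "__main__":
    stored = seal({"user": "alice", "is_premium": False})
    print(load(stored))                              # accepted on relaunch
    print(load(tamper(stored, "is_premium", True)))  # None: edit detected
```

The tag provides integrity only: the body is still readable on the device, so values that must stay confidential (tokens, credentials) would additionally be encrypted under a keystore-backed key, which is exactly what the storage review above checks for.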

Tampering and Reverse Engineering

Reverse engineering a mobile app is the process of analyzing the compiled app to extract information about its source code. The goal of reverse engineering is to comprehend the code.

Review Authentication Architectures

Authentication and authorization problems are prevalent security vulnerabilities. Most mobile apps implement user authentication. Even though part of the authentication and state management logic is performed by the back end service, authentication is such an integral part of most mobile app architectures that understanding its common implementations is important.

Network traffic analysis

The mobile device will be configured to route its connection to the server using a local HTTP proxy. This will enable all the network traffic to be intercepted, viewed, and modified. It will also reveal the communication endpoints between the application and the server so that they can be tested. Network traffic that is not traversing the Web and is happening at a lower layer in the TCP/IP protocol stack, such as TCP and UDP packets, will also be intercepted and analysed.

Static Analysis

Without executing the application, the mobile app binary is decompiled to understand its internal workings through the recovered source code. During this phase, using our static code analysers, we identify vulnerabilities arising from the use of insecure libraries and functions that could lead to further code-level vulnerabilities.
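To make the static analysis step concrete, here is an added example, not Defendza's analyser, of the kind of rule a static code analyser applies to decompiled source. It scans a constructed Java snippet (not taken from any real app) for a handful of well-known insecure library and function uses; the rule identifiers and the rule list are assumptions chosen for illustration, not an exhaustive rule set.

```python
"""Pattern-based static check over constructed decompiled Android source.

Added example (not Defendza's tooling): each rule pairs a regular expression
with a short description, and scan() reports every source line that matches.
"""
import re
from typing import List, Tuple

# Rule identifiers are constructed for this example; the APIs they match
# (MessageDigest, Cipher, MODE_WORLD_READABLE, java.util.Random) are real.
RULES = [
    ("weak-hash",
     re.compile(r'MessageDigest\.getInstance\("(MD5|SHA-?1)"\)'),
     "weak hash algorithm"),
    ("ecb-mode",
     re.compile(r'Cipher\.getInstance\("[A-Za-z0-9]+/ECB/'),
     "ECB cipher mode leaks plaintext structure"),
    ("world-readable",
     re.compile(r"MODE_WORLD_(READABLE|WRITEABLE)"),
     "file shared with every app on the device"),
    ("insecure-random",
     re.compile(r"new\s+(java\.util\.)?Random\("),
     "non-cryptographic random number generator"),
    ("hardcoded-secret",
     re.compile(r'(?i)(password|secret|api[_-]?key)\s*=\s*"[^"]+"'),
     "credential embedded in the binary"),
]


def scan(source: str) -> List[Tuple[int, str, str]]:
    """Return (line number, rule id, description) for each matching line."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for rule_id, pattern, desc in RULES:
            if pattern.search(line):
                findings.append((lineno, rule_id, desc))
    return findings


# Constructed decompiled snippet; the key value is a placeholder.
SAMPLE = '''
public class Session {
    private static final String API_KEY = "example-not-a-real-key";
    MessageDigest md = MessageDigest.getInstance("MD5");
    Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
    SharedPreferences p = getSharedPreferences("prefs", MODE_WORLD_READABLE);
    SecureRandom ok = new SecureRandom();
    Random r = new Random();
}
'''

if __name__ == "__main__":
    for lineno, rule_id, desc in scan(SAMPLE):
        print(f"line {lineno}: [{rule_id}] {desc}")
```

Line 7 of the sample (`new SecureRandom()`) deliberately does not match the `insecure-random` rule, which is the distinction a real analyser has to draw; a finding from a scan like this is a lead for manual review of the decompiled code, not a confirmed vulnerability on its own.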

Check your mobile apps against top ten flaws.

Why Defendza ?

Thorough Analysis and Reporting

Our reports are comprehensive and include all the evidence that supports our findings. We give you a risk rating that considers how likely an attack is as well as the impact it could have. We don’t create panic scenarios. Our mitigation is detailed, covering both strategic and tactical areas to help our clients prepare a remediation plan.

Custom tools and scripts

Apart from the range of commercial and open source tools available for specific testing, our team has its own custom scripts for efficient testing. We provide accurate results to make sure our clients completely understand any vulnerabilities we report.

In-house experts

Our teams are led by veteran security consultants who have been accredited to CREST standards for the last several years. Our experience shows that our clients are best served by being given the right advice for their cyber security needs. We do not believe in spreading fear, uncertainty and doubt to generate more business.

Key Benefits

A free 30 min consultation with our security experts.

Testimonials

"My experience to date with Defendza has been very positive. I look for a flexible, knowledgeable security "partner" when I engage a PT firm. Pentest means many things to many people and there are many different use cases for both the testing activity and the report generated, and I need someone to work with me to get the absolute best value out of my security budget."

Information Security Officer
Insurance Group

"Excellent people to work with. Very good knowledge of requirements and give us correct findings with excellent remedy to improve our security for our B2B portal site."

Head of Technical & Business Improvement
Leading Pharmaceutical Manufacturer

"I thought it was a highly professional and thorough exercise and I would have no hesitation recommending Defendza to any of my connections."

Director, Software Engineering
Global Information and Analytics Company

"Good personal service. We are delighted with the work Defendza did for us. Highly recommended."

CTO
Manchester headquartered Global Fashion Brand

"Extremely satisfied with approach, speed and end results. Thanks."

COO
International fashion label and store

"My experience of the Defendza team was 5 star.  They were so helpful, and their technical delivery and client communication were excellent."

Director, Software Development
Corporate Services Company

Related News

05/09/2019

Medical records compromised

An investigation was immediately launched which revealed the compromised account contained protected health information. Affected patients were notified about the breach on April 12, 2019. All individuals impacted by the breach had received medical services from Questcare in the Dallas, Fort Worth, or Arlington regions of Texas. 

18/06/2019

Netflix issues urgent warning

Netflix customers in Ireland are being targeted with a phishing attack in an attempt to hack their accounts. The streaming giant has put out a warning to try to avoid other users falling victim to the same fraud.