- Oxford: +44 (0)1865 877830
- Manchester: +44 (0)161 713 0176
- Edinburgh: +44 (0)131 541 0118
- New York: +1 646-781-7580
- Bucharest: +40 316 301 707
- Tokyo: +81 (3) 4588 8181
Organisations from banks to bed and breakfasts are now providing mobile apps for their customers on a variety of devices and operating systems. Mobile apps are just as vulnerable to attack as web applications. Dionach offer specialist mobile app penetration testing to cover the specific needs of mobile app vulnerabilities.
Mobile apps can be considered as two separate parts: the mobile app itself on the devices, and the web services that the mobile app communicates with. Dionach will carry out an effective penetration test by looking extensively at both of these elements.
The penetration test as a whole will follow a general penetration test process: information gathering, scanning and probing, vulnerability assessment, exploitation, and reporting. The mobile app itself will be checked for:
The platforms included in the penetration test could be iOS IPA files on the iPhone or iPad, Java APKs on Android devices, XAP files for Windows Phone, other mobile platforms, or several of these platforms.
The penetration test on the web services that the mobile app communicates with is more like a standard web application penetration test, with consideration of the OWASP top ten, business logic flaws, information disclosure, and web server infrastructure vulnerabilities.
The final deliverable is a comprehensive report with an executive summary and a list of technical vulnerabilities, prioritised by risk. The vulnerabilities will have recommendations for remediation.
Contact Dionach now with a link to your mobile app for a quote for a mobile app penetration test.
© Copyright 2020 Dionach