Mobile Application Assessment

Mobile devices have evolved to become a convenient and key form of communication enabling customers to easily interact with applications. The rapid adoption of these devices has also made them a key target for attackers and subsequently an increase in data breaches. Additionally, due to their portable nature this also makes them easier to lose and more prone to theft. Therefore, securing the applications on the devices upon which they run is more important than ever.

Rego provide services for both Android and iOS devices, and just as with Web Application Assessments can identify vulnerabilities that can be ironed out in future releases or newly developed applications. Our mobile application tests can identify vulnerabilities, recommended remedial actions and categorize the risk which ultimately can help your development team implement security by design to prevent future breaches.

Page Contents

Get a Quote

Testing
Process

The initial step is to map the application to gain some familiarity so we know what functionality is offered. We then combine the OWASP mobile top ten with usual web application testing techniques alongside our own methodologies. This approach looks at the how the application can be exploited from the client side and the server side as well as secure communication channels.

The approach can be broken down into the following:

 
  • Identifying functionality as part of the application mapping phase
  • Static analysis of files once the application has been decompiled
  • Dynamic analysis performing client side attacks
  • Secure communication channel checking
  • Server side attacks