mobile_
application_
testing

protecting your mobile
applications

The use of mobile applications continues to grow and for many organisations they are now a critical technology on which business operates.

Mobile applications often handle sensitive information and can provide access to back end systems. This makes them an ideal target for threat actors and vulnerabilities within an application can provide access to sensitive data, as well as your wider network.

The security of mobile applications is therefore vital and needs to be considered at all stages, from development through to deployment.

the benefits of mobile application testing

assurances throughout the development lifecycle

Security needs be considered throughout the application development lifecycle and regular mobile application tests should cover initial development, go live and subsequent releases. We can issue a letter of opinion following testing, providing customers, and stakeholders, with the security assurances they need.

provide security assurances during procurement

Procuring a third-party mobile application can solve problems for your organisation, but if that app is compromised it could also create issues. Mobile application testing provides the security assurances you need during the procurement process, working closely with you and your third-party developers to ensure applications meet requirements.

prevent wider cyber-attacks

Vulnerable mobile applications can often provide attackers with an initial foothold as part of a wider attack against your organisation. Our mobile application tests allow you to identify and classify your most critical mobile application vulnerabilities, providing you with vital remediation advice.

protect your company reputation

A compromised mobile application can ultimately lead to financial, operational and reputational damage for both client and developer. Mobile applications therefore need to be tested on a regular basis, helping you to protect your organisation and clients from damaging cyber threats.

what we test

Our mobile application testing is tailored to your requirements, whether you’re looking to test the entire application or just specific areas of functionality.

There are three types of mobile applications we test:
 
  • Native apps – Designed specifically for mobile operating systems such as Android, iOS, Windows and BlackBerry
  • Hybrid apps – Web apps disguised in a native app wrapper that are built with multi-platform web technologies (e.g. JavaScript, HTML5 and CSS)
  • Web apps – Behave in a similar fashion to native applications, but use a web browser to operate and are typically written in JavaScript, CSS or HTML5
Our consultants will investigate the following areas:

  • Information gathering: Application architecture and design, platform mapping, languages and frameworks
  • Client-side attacks: Files analysis, binary analysis and memory analysis
  • Network-side attacks: Installation traffic and run-time traffic
  • Server-side attacks: Network layer attacks
  • Layer 7 attacks: Application layer attacks

our approach

Every mobile application test we conduct goes through a rigorous process, ensuring you get the best possible outcome for your business. Below we outline the key stages out penetration testing goes through: 

1.scoping

We work with you to fully understand your organisation, the mobile application in question and desired test outcomes.

2. proposal & prerequisites

A proposal will be drawn up outlining the planned scope of work and the preparation needed to start testing.

3. testing

Our consultants are given access to the mobile application, using their expertise to evaluate the product from a security standpoint.

Penetration testing approach - Pentest - Information security assurance

4. ongoing communication

Our consultants will communicate with you throughout the test, to your set requirements.

5. reporting

A comprehensive, quality assured report of test findings will be delivered.

6. post-test support

Our consultants will be available to offer guidance on any aspect of the report, as well as remediation efforts.

7. retest

Our consultants will be available to offer guidance on any aspect of the report, as well as remediation efforts.

why choose us?

Our penetration tests are designed to support your security improvement efforts. Whether it’s your first test, or you’ve conducted hundreds, our team are dedicated to making the process as seamless as possible, to pass on their wealth of expertise and to deliver long-term value to you and your organisation.

experience and expertise

Our team of security sonsultants have years of experience and a depth of expertise in mobile application testing. We invest significant time into security research projects, honing and developing skills which allow our consultants to deliver the best possible results for your organisation.

dedicated contact throughout

Every organisation we work with is appointed a dedicated account manager. Our account managers understand the complexity of coordinating tests and will work with you to ensure your test runs smoothly.

testing tailored to your business

No two organisations are the same and neither are our web app tests. We work closely with you to fully understand your goals, the application in question, the security challenges, operational needs and priorities before we undertake any work.

quality reporting

Every penetration test report undergoes an internal QA process and is peer reviewed. Our reports provide you with a managerial overview of findings, an in-depth technical review of the vulnerabilities found and our remediation advice.

post-test support

Our job doesn’t finish on the delivery of a report and our expert consultants will be available to answer any questions, to share their expert knowledge, and to provide remediation support to internal development teams or external suppliers.  

optional retest

We can provide an optional retest into our testing, making sure issues have been understood and remediation efforts have been implemented as effectively as possible. 

added value

Value is about more than just cost. Our value comes from scoping engagements accurately, our detailed reports, providing your team with post-test support, the expert knowledge we impart and by going above & beyond the tick box deliverables used by other information security providers.