Mobile Application Testing
Increasing popularity of mobile applications in recent years results in an increasing amount of sensitive data that is processed by them. Nowadays, smartphones not only provide access to services, but also store many personal and financial data.
Mobile applications account for 52% of the global network traffic.
Security testing of mobile applications allows us to identify vulnerabilities related to improper behaviour within iOS or an Android platform and also to detect problems with provided server API.
Vulnerabilities in mobile applications can lead to customer takeover. They can also allow direct attack on the application owner’s infrastructure.
Our experience in mobile application tests guarantees a comprehensive approach and high quality of provided services.
Methodology of our tests consists of the following elements:
• Static Application Security Testing (SAST) – We verify whether an application has been safely configured and if there is any redundant data in the application package. We also carry out reverse engineering.
• Dynamic Application Security Testing (DAST) – We focus on analyzing the application’s behavior within an operating system (Android oraz iOS) during its execution. We also check whether the application stores files in a safe manner and whether it is properly protected against Inter Process Communications.
• API security testing – We verify the security of communication between application and the server endpoint. The first step of this process is to analyze the parameters exchanged by the application and a server. Then, we develop and verify adequate test scenarios.
• Source code review – our review is based on Mobile Application Verification Standard (MASVS) and is performed with direct cooperation with the client’s developers.
If you want to learn more about our approach to testing mobile applications, see our test demonstrations for Android and iOS platforms:
Safety testing of applications dedicated to the Android platform
Building and hacking modern iOS apps
Our team stays up to date with all new techniques and latest trends regarding mobile applications security. We also create our own tools and make research in this area, the effect of which are presentations at numerous international conferences, including Objective by the Sea, Secure or Confidence.
We encourage mobile application developers to check out our guide “Best practices regarding mobile application security”. Also, feel free to use our iOS Security Suite, which allows you to verify whether an iOS application is running on a secure device.
If you wish to get a quote for mobile application security testing, feel free to contact us. Each application is different – you will receive a set of questions from us that will allow us to estimate the workload and a quick valuation of the project. If necessary, we will contact you to determine the specificity of your needs, details of the application functionality and the broader context of security tests, so that their results are of greatest value to you.