Mobile application pentest

Is your mobile app safe from attackers?

Both businesses and public organizations today use mobile apps in new and compelling ways, from banking applications to healthcare platforms. Managing security risk on these platforms is a growing challenge, with new vulnerabilities found every day.

The Getsecureworld team offers top-tier mobile app penetration testing, providing a holistic risk assessment of your mobile application. With industry-leading researchers and security engineers on both iOS and Android, we test in depth the local, on-device security of the app, the back-end web services, and the APIs that connect them.



Service Overview

What is a Mobile App Pentest?

A Mobile Application Penetration Test is an authorised, simulated attack against a native mobile application on platforms such as Android, iOS and Windows. Its purpose is to identify and exploit vulnerabilities in the application itself and in the way it interacts and exchanges data with the backend systems.




All You Need Is Here

Mobile App Pentest

All the security aspects are covered


Architecture, design and threat modelling

Check app components and security controls

Data Storage and Privacy

Identify the data the app stores and check how and where it is stored

Cryptography

Check for hard coded keys and weak algorithms

Network Communication

Check the encryption of network communication

Platform Interaction

Check the permissions the app requests and the way it interacts with the system

Authentication and Session Management

Check the authentication and session management mechanisms for possible bypasses


METHODOLOGY

How It Works

the quieter you become ... the more you can hear.


Step 1

Defining the scope

Before a mobile application assessment can take place, Getsecureworld experts define a clear scope with the client. Open communication between the experts and the client organization is encouraged at this stage to establish a solid foundation for the assessment.


Step 2

Information Gathering

The Getsecureworld team collects as much information as it can on the target, employing a wide range of OSINT (Open Source Intelligence) tools and techniques. The gathered data helps us understand the operating conditions of the organization, which allows us to assess risk accurately as the engagement progresses.


Step 3

Static Enumeration

At this stage we combine manual review with automated scripts and tooling for more advanced information gathering. The Getsecureworld team closely examines possible attack vectors by statically reverse engineering the app: unpacking the binary and reviewing its manifest, code, resources and embedded configuration without running it. The information gathered here is the basis for exploitation in the attack phase.
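As an added example (not Getsecureworld's own tooling), the following Python script shows the kind of check that this step and the Cryptography and Platform Interaction items above involve: it parses an AndroidManifest.xml from an unpacked APK for debuggable, backup and cleartext-traffic flags, dangerous permissions and exported components that no permission protects, and scans decompiled sources line by line for ECB, DES and MD5/SHA-1 usage and hard-coded keys or credentials. The manifest and Java source embedded at the bottom are constructed samples, the dangerous-permission list is a small illustrative subset, and the inputs are assumed to come from apktool (manifest) and jadx (sources).

```python
# Static enumeration helpers for an unpacked Android app. Added example, not
# Getsecureworld tooling; inputs assumed to come from apktool/jadx output.
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Runtime ("dangerous") permissions worth justifying with the client
# (illustrative subset, not the full Android list).
DANGEROUS_PERMISSIONS = {
    "android.permission.CAMERA",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.ACCESS_FINE_LOCATION",
}

def check_manifest(manifest_xml: str) -> list[str]:
    """Flag dangerous permissions, debuggable/backup/cleartext flags and
    exported components that no permission protects."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for perm in root.iter("uses-permission"):
        name = perm.get(ANDROID_NS + "name")
        if name in DANGEROUS_PERMISSIONS:
            findings.append(f"dangerous permission requested: {name}")
    app = root.find("application")
    if app is None:
        return findings
    for flag in ("debuggable", "allowBackup", "usesCleartextTraffic"):
        if app.get(ANDROID_NS + flag) == "true":
            findings.append(f'application android:{flag}="true"')
    for comp in app:
        if comp.tag not in ("activity", "service", "receiver", "provider"):
            continue
        exported = comp.get(ANDROID_NS + "exported") == "true"
        if exported and not comp.get(ANDROID_NS + "permission"):
            findings.append(f"exported {comp.tag} without permission: {comp.get(ANDROID_NS + 'name')}")
    return findings

# (regex, finding) pairs applied line by line to decompiled Java/Kotlin sources.
SOURCE_PATTERNS = [
    (re.compile(r'Cipher\.getInstance\("[^"]*/ECB/[^"]*"\)'), "ECB mode cipher"),
    (re.compile(r'Cipher\.getInstance\("(AES|DES|DESede|RSA)"\)'), "cipher without explicit mode (provider default, ECB for AES)"),
    (re.compile(r'Cipher\.getInstance\("DES(ede)?(/[^"]*)?"\)'), "DES-family cipher"),
    (re.compile(r'MessageDigest\.getInstance\("(MD5|SHA-?1)"\)'), "weak hash algorithm"),
    (re.compile(r'new SecretKeySpec\(\s*"[^"]+"\.getBytes\('), "hard-coded symmetric key in SecretKeySpec"),
    (re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "AWS access key ID literal"),
    (re.compile(r'(?i)\b(api[_-]?key|secret|password)\s*=\s*"[^"]{8,}"'), "hard-coded credential literal"),
]

def scan_source(source: str) -> list[tuple[int, str]]:
    """Return (line number, finding) for every pattern hit in one source file."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for pattern, finding in SOURCE_PATTERNS:
            if pattern.search(line):
                hits.append((lineno, finding))
    return hits

# Constructed samples standing in for apktool/jadx output.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bank">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <application android:allowBackup="true" android:debuggable="true"
        android:usesCleartextTraffic="true">
        <activity android:name=".LoginActivity" android:exported="true"/>
        <service android:name=".SyncService" android:exported="true"
            android:permission="com.example.bank.SYNC"/>
        <receiver android:name=".PushReceiver" android:exported="false"/>
    </application>
</manifest>"""

SAMPLE_SOURCE = """package com.example.bank;

public class CryptoUtil {
    private static final String API_KEY = "sk_live_4f9a81c2d7e3b6";
    private static final String AWS_ID = "AKIAIOSFODNN7EXAMPLE";

    static byte[] encrypt(byte[] data) throws Exception {
        SecretKeySpec key = new SecretKeySpec("0123456789abcdef".getBytes(), "AES");
        Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return cipher.doFinal(data);
    }

    static byte[] digest(byte[] data) throws Exception {
        return MessageDigest.getInstance("MD5").digest(data);
    }

    static Cipher goodCipher() throws Exception {
        return Cipher.getInstance("AES/GCM/NoPadding");  // should not be flagged
    }
}"""

if __name__ == "__main__":
    print(*check_manifest(SAMPLE_MANIFEST), sep="\n")
    print(*(f"L{n}: {f}" for n, f in scan_source(SAMPLE_SOURCE)), sep="\n")
```

Regex hits are leads for manual review rather than findings on their own: a pattern cannot tell a test fixture from production code, and a `SecretKeySpec` built from a literal may be a harmless constant or the key that protects every user's data. The manifest checks are the ones most often reported as-is, since a debuggable, backup-enabled or cleartext-allowing production build is a configuration fact rather than an interpretation.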


Step 4

Dynamic Enumeration

At this stage the app is run in a controlled environment (an instrumented device or emulator) so that its runtime behaviour can be observed: the network traffic it sends, the data it writes to local storage, and how it reacts to manipulated inputs. The Getsecureworld team closely examines every possible attack vector found this way, combining manual testing with automated scripts and tooling. The information gathered here is the basis for exploitation in the attack phase.


Step 5

Attack and Penetration

With careful consideration, we begin to attack the vulnerabilities found in the mobile app and its backend. This is done cautiously to protect the application and its data, while still verifying that the discovered attack vectors are real.


Step 6

Reporting

Reporting is the final stage of the assessment. The Getsecureworld team aggregates all obtained information and provides the client with a thorough, comprehensive description of our findings.


Technical Requirements

The following list of requirements is only indicative; other elements can be requested before launching the mission.


Permissions proof

To be able to work legally, the GetSecureWorld team may ask for proof of ownership of, or authorisation to test, the application.


Test accounts

To perform a greybox pentest of your mobile app, some user accounts may be requested. These accounts are only used for testing and can be removed once the tests are finished.


App urls

To start the pentest we will need the domain names of the backend services the targeted app communicates with.





Small app

Small, low-complexity Android app
$ 9990
Included:
  • Professional report
  • Recommendations for fixing
  • 1 free recheck
Not included:
  • Backend communication
  • Internal business logic
  • Internal encryption
  • Payment page


Big app

Big, complex Android app
$ 39990
Included:
  • Professional report
  • Recommendations for fixing
  • 6 free rechecks
  • Backend communication
  • Internal business logic
  • Internal encryption
  • Payment page