GamaMob

MOBILE APPLICATIONS PENTESTING

Today smartphones and cell phones. Similar to web applications, many companies also have a mobile application. Some use it to share information about their organization; some provide dedicated services through them and some are there just to play with.

Mobile application is more important to the enterprise than ever before. Organizations are increasingly looking for a Mobile Application Platform that can support their needs for both current and future projects. It's a broad field and vendors offer a wide array of capabilities.

GamaSec offer, Penetration Testing for

  • Android application extension:apk
  • iOS application extension: ipa
  • Windows application extension: xpa /appx

To perform security assessment of mobile application GamaSec utilize various tools a holistic manner which includes automated scanners, open source tools, custom scripts and manual assessment. This allows us to perform a thorough assessment and uncover deeply rooted vulnerabilities. Once the assessment is complete an actionable reported is created which includes details related to the vulnerabilities, steps to reproduce, proof of concept and steps to mitigate so that the client can patch the issues as soon as possible.

GamaSec Mobile Pen Test Process Includes

  • Understand application working
  • Identifying application permissions
  • Automated Scan
  • Manual Testing
  • OWASP Mobile Top 10 vulnerabilities
  • Logical Flaws
  • Server Pentesting (optional)
  • Comprehensive Report
  • Vulnerability Patch Support

As there are different mobile environments available out there and each one of them has a different architecture, there is no single automation framework available which can cover all the platforms. Hence the approach, tools and methodologies required to test applications for different environment are also different and require more manual effort. The testing is performed using actual hardware devices as well as emulated environment so that a more in-depth understanding can be attained and thorough analysis can be performed.