Mobile applications provide a simple interface between users on mobile devices and web-exposed services. Many attacks are possible against the data at rest stored by a mobile application and the data in transit sent and received by a mobile application. As mobile application development is still relatively new, good secure coding practices are not well established.

The threat model for mobile penetration testing is an unauthorised outsider attempting to gain access to confidential information stored or transmitted by a mobile application.

The goal of the simulated attacker performing a mobile penetration test is access to confidential information on the mobile device or hosted in the cloud.

The testing follows a consistent and structured approach covering the following layers of the OSI network model:

  • Transport

The methodology for the testing is as follows:

  • Application traffic analysis
  • Privacy issues
  • Local data storage
  • Caching of sensitive information
  • Reverse engineering
  • URL schemes
  • Push notifications
  • Review of code associated with critical functions
  • Man-in-the-middle attacks

Upon identifying any weaknesses within your system, DMA will provide you with a report detailing all of the vulnerabilities identified within your system, categorising them by risk and offering suggested remediation activities. These remediation activities can be completed by your organisation, or DMA’s services can be enlisted to assist.