Mobile app security testing process

Process

Valency Networks follows a technical and systematic approach to perform security testing of your mobile app. The process starts with decompiling and goes through detailed analysis for data at rest and data in transit vulnerabilities.

The following steps are performed:

  • Binary decompilation
  • Static code analysis for data at rest vulnerability mapping
  • Dynamic analysis for data in transit vulnerability mapping
  • The above checks, performed against the OWASP Mobile Top 10 standard
  • Local storage specific checks
  • Cryptography specific checks
  • User input validation checks
  • App's own security layer bypass checks
  • Unintended data leakage checks
  • Malicious inputs susceptibility checks

The results are compiled and converted into a technical report.


Mobile App Security Penetration Testing Process

Before Testing Starts

  • Sign NDA

  • Freeze on scope

  • Study Mobile App Architecture

  • Study Mobile App Functionality

  • Decide attack vectors and prioritize

  • Allocate single point of contact

During Testing

  • Black box testing (without device rooting or jailbreaking)

  • Gray box testing (with device rooting or jailbreaking)

  • Automatic and Manual Testing

  • Testing using OWASP-Mobile-Top-10 Standard

  • Scanning

  • Configuration Check

  • Manifest/Binary Config check

  • Gathering Logs

Testing Details

  • Analysis of data in transit between the layers of the mobile app stack

  • Analysis of data in transit between app and caller web services

  • Capture and analysis of data at rest on the mobile device

  • Perform Android and iOS specific checks and log capture

  • Map security scenario attack vectors to ensure accuracy

  • Perform analysis on app code modules

  • Manifest/Binary Config check

After Testing

  • Analyse logs

  • Confirm results

  • Apply Knowledge

  • Apply Experience

  • Repeat Test if required

Testing Outcome

  • Detailed technical report

  • Executive summary

  • High-level remediation solutions

  • Certificate of testing completion (optional)

Our Culture

Valency Networks has a very agile, friendly and fun-loving atmosphere, and yet we maintain a cutting-edge, technically vibrant work environment.