Valency Networks follows a technical and systematic approach to perform security testing of your mobile app. The process starts with decompiling and goes through detailed analysis for data at rest and data in transit vulnerabilities.
Following steps are performed.
Static code analysis for data at rest vulnerability mapping
Dynamic analysis for data in transit vulnerability mapping
Above for OWASP Mobile Top 10 standard
Local storage specific checks
Cryptography specific checks
User input validation checks
App's own security layer bypass checks
Unintended data leakage checks
Malicious inputs susceptibility checks
The results are compiled and converted into a technical report.
Mobile App Security Penetration Testing Process
Before Testing Starts
Freeze on scope
Study Mobile App Architecture
Study Mobile App Functionality
Decide attack vectors and prioritize
Allocate single point of contact
Black box testing (Without device rooting, jailbreaking)