Penetration Testing for iOS/Android
Modern businesses are using mobile apps in innovative ways, from banking applications to fitness trackers. Managing risk on these platforms is increasingly challenging, with new attack vectors discovered every day. How do you know your mobile application is safe from attackers?
White Knight Labs offers top-tier mobile application penetration testing services, providing a holistic risk assessment of your mobile application. With industry-leading security engineers who possess deep experience in both iPhone and Android, we provide thorough testing of on-device security issues, back-end web services, and the APIs that glue it all together.
What to Expect in our Mobile Pentesting Service
Support for both iOS and Android Platforms
With combined decades of experience in both iOS and Android penetration testing, WKL understands the unique security challenges and vulnerabilities of each mobile architecture. This expertise allows us to customize assessments to specific concerns, such as reverse-engineering an iOS app or malware threats to an Android app.
Each mobile security assessment simulates multiple attack vectors and risks including the following: insecure storage, stolen device risk, mobile malware attacks, plaintext secrets, and authenticated/unauthenticated user testing.
Static, Dynamic, and Source Code Pentesting
Our security experts perform both static and dynamic tests on each mobile app to identify all vulnerabilities. This deep-dive methodology also targets local vulnerabilities, such as insecure storage of credentials and Android backups that include critical app data.
While our iOS/Android experts can decompile or reverse-engineer the mobile apps themselves, more vulnerabilities can be found through a full source code review of the application. By reviewing the mobile app source code during the penetration test, the WKL experts can identify deeply buried vulnerabilities, thereby increasing the efficacy of the penetration test.
Mobile Security and Reporting Expertise
Standard and Jailbroken Device Testing
Our mobile security assessments take multiple attack vectors and threats into account, including jailbroken iOS and rooted Android devices. By comparing the vulnerabilities found in both options, WKL can demonstrate the security risk from multiple user types, including dedicated attackers and common users.
Documentation and reporting are key to the success of a mobile app pentest. A WKL report includes the following: an executive summary, technical findings with a risk-based severity level, and a CSV with all findings for easy tracking. Reports can be tailored to meet the needs of both leadership and app developers. Specifically, the penetration testing report is broken down into the following items: