Mobile App Penetration Testing

Typically focusing on bespoke mobile apps developed by or for the client, this type of penetration testing is concerned with using the app to compromise the mobile device running it, any online web services or application programmable interfaces (APIs) that the app interacts with, or any data held or processed by the app.

Most often, the mobile apps tested are configured for Apple’s iOS or Google’s Android operating systems.

The specific approach taken will depend on the app and the client’s specific requirements, but will generally be based on the OWASP Mobile Security Testing Guide and will include the following: