Mobile Application Pentesting

About

If you have a mobile application which is used by a large number of staff, or is deployed to end users, attackers may be able to use it to gain access to other users’ data or exploit the backing applications.

How we can help

Pākiki can review your mobile applications on both iOS and Android. We start by looking at the APIs and any wrapped web applications for vulnerabilities in line with the OWASP Testing Methodology.

Additionally, for mobile applications, we check:

What you get

At the end of the engagement, you’ll receive a written report, detailing:

Process

All of our engagements follow a similar process:

  1. We start by scoping the engagement, understanding what you're looking for, discuss the technologies and platforms in use, and any key concerns that you may have. From this, we produce a Statement of Work detailing the effort required, cost, any prerequisites, and our approach to the engagement.
  2. Once the Statement of Work is signed, we'll work with you to schedule the work.
  3. Prior to the engagement starting, we'll be in touch to organise any prerequisites we require and where practical will test these prior to the engagement. This will ensure the engagement commences on time.
  4. The consultant will start the engagement and will provide regular updates. Any high or critical severity issues will be notified when they are found.
  5. At the end of testing, a report will be produced and provided.
  6. A close-out meeting is held to provide any additional context around the business impact of what we identified, and to provide a chance for any further questions on how to remediate what was found.
  7. Optional Retesting can be carried out in order to ensure that any vulnerabilities have been successfully remediated.

Get in touch

To find out more:

Contact Us