[FS-MAPT] Mobile Application Penetration Testing



Penetration testing is a method of evaluating the security of a computer system or network by simulating an attack. Mobile Application Penetration Testing (MAPT) focuses on evaluating in depth the security of a Mobile Application. The process involves an active analysis of the application for any weaknesses, technical flaws and vulnerabilities. Any security issues that are found will be presented to the system owner together with an assessment of their impact and often with a proposal for mitigation or a technical solution.

Our method is based on the black-box approach, which simulates an outside attacker.

In the evolving world of technology, Mobile Applications are becoming more dominant than ever. This evolution has created a full range of new attacks that were not relevant in the classic web application world. During our Mobile Application Penetration Testing, we simulate a multitude of attacks, both general application attacks and mobile-specific attacks. The testing simulates a real attacker and what he/she can do to penetrate the application and retrieve or compromise confidential data.

We test both Mobile Web-based Applications and Mobile Client Applications for Android, iOS, Windows Phone and BlackBerry platforms.

We start with a full installation of the application (mobile application binary, for example app.apk, app.ipa, etc.) and then perform a complete walkthrough, using all the various functions available. We note where sensitive data is requested, how it moves through the application, how it’s utilized, and so on. We build a diagram of how those components work together, and leverage that diagram as the assessment progresses. Testing is performed on test mobile devices as well as with device emulators, depending on the application type and functionality. The testing covers the OWASP Top 10 Mobile Vulnerabilities. We also test whether it is possible to reverse engineer the mobile application binary to obtain pseudo source code.


Some Vulnerabilities Analyzed:


  • Improper Platform Usage
  • Insecure Data Storage
  • Insecure Communication
  • Insecure Authentication
  • Insufficient Cryptography
  • Insecure Authorization
  • Client Code Quality
  • Code Tampering
  • Reverse Engineering
  • Extraneous Functionality

Not preparing for attacks on your mobile applications can lead to data loss and dangerous compromises of internal servers and user data. Mobile applications often provide access to personal information, credit card numbers, and other sensitive data, and need the same dedicated security as their desktop and web counterparts.



The strength of a valuable and effective Mobile Application Penetration Testing (MAPT) resides in the Ethical Hacking and manual skills of the Tester, in their years-long experience and in their analytic attitude, coding and exploiting skills. All of these are Fulgur Security's strengths.

A MAPT is not just an automated task. Security tools are useful, but they are not the only thing to rely on, and in practice they are not the solution to the problem.

Our Mobile Application Penetration Testing is a deeper process that uses our Ethical Hacking skills, tools and 0day exploits to evaluate the target in scope. This process is the only one that can uncover vulnerabilities in Mobile Applications that are difficult or impossible to detect with automated application vulnerability scanning software alone.

The biggest difference between us and other companies is that we offer our multi-year, proven Ethical Hacking expertise and professionalism (matured in hacking/academic/professional circles) to perform our high-value Mobile Application Penetration Testing.



We use our own manual pentesting skills and a patient, well thought-out, and methodical approach. We also use our own private MAPT products, developed after years of Penetration Testing activities and our own FS-PT Labs, and the best MAPT scanning tools/suites (both Open and Commercial).



We strictly follow both OWASP and ETHICAL HACKING methodologies and our own personal FULGUR SECURITY approach (born after many years of experience in the hacking/intelligence/darknet world and therefore focused on deeply understanding any cyber security threat) to perform our MAPT.



As a result of our Mobile Application Penetration Testing we deliver a Professional Security Report with an in-depth description of any issues found and their business/risk impact. We also propose Security Remediation and a Remediation Plan for any vulnerabilities found.



Please feel free to CONTACT US to get a quote.