Mobile Application Security Assessment

Your iOS and Android mobile apps are central to serving your customers conveniently and reliably. Knowing that your apps are safe and secure means you can be confident your customers will never have an issue accessing and using them, which keeps customers engaged and excited about your product or service.

Binary Brotherhood’s testing standards use a mobile application penetration testing methodology based on the following:

  • Open Web Application Security Project (OWASP) Testing Guide
  • OWASP Mobile Security Testing Guide (MSTG)
  • Technical Guide to Information Security Testing and Assessment (NIST 800-115)
  • OWASP Mobile Application Security Checklist
  • OWASP Top 10 2017 – The Ten Most Critical Web Application Security Risks

Execution flow:

a. Target scope reconnaissance

b. Business and application logic mapping

c. Engagement

d. Manual vulnerability exploitation

Binary Brotherhood performs mobile application security audits for iOS and Android through native code analysis, using custom-made scripts and tools like Frida, MobSF, or Objection. Our methodology is heavily oriented toward finding vulnerabilities associated with local data storage, server communication defense mechanisms, and overall API security.

We perform the following actions:

  • File System Analysis
  • Application Package Analysis
  • Reverse Engineering
  • Static Analysis
  • Dynamic Analysis
  • Inter-Process Communication Endpoint Analysis