Gain Visibility Over Your Mobile App’s Security Vulnerabilities

Cybra offers a full suite of mobile app penetration testing services in Australia.

What is a mobile app pentest?

A mobile app penetration test is the ethical hacking of a mobile app and its backend components to identify security risks.

The test emulates an internet-based attacker and utilises current attack techniques and methods.

Mobile app pentest pricing

External pentests are typically cheaper than testing internal networks or applications, as there are generally fewer systems connected to the internet, resulting in a smaller attack surface.

Dangers of mobile app pentests

All penetration testing has a chance of adversely affecting systems, but this is very rare. All systems and networks should have adequate bandwidth and system resources before commencing.

Benefits of mobile app pentests

Proactive penetration testing uncovers security weaknesses in your iOS and Android apps before malicious actors can exploit them. This gives you a critical head start to fix vulnerabilities and safeguard user data.

What apps can be tested?

Cybra’s mobile app penetration testing covers native Apple iOS and Android apps.

Out of scope

Third-party systems (e.g., payment processors) are out of scope for penetration testing (unless explicitly required and permission is granted).

When apps need to meet compliance requirements (e.g., PCI DSS), we test up to the point where the request leaves the app, which meets the compliance criteria.

Approach

Through the use of sophisticated software and techniques, mobile app penetration testing is carried out remotely over the internet by skilled security consultants who mimic a threat actor.

Testing is carried out on physical test devices and emulators to ensure as many vulnerabilities as possible are identified.

Types of mobile app attacks

Mobile app pentests cover a range of cyber attacks, such as:

  1. Authentication attacks (brute force, password spraying)
  2. Authorisation bypasses
  3. Account takeovers
  4. Information disclosures
  5. Vulnerability exploitation


Authenticated testing

Most mobile app penetration tests are conducted with test credentials, either obtained through self-registration or provided by the customer.

Tools

Various open-source and commercial software and scripts are deployed on jailbroken/rooted test devices and emulators.

Firewalls/WAFs

Typically, Cybra does not require allowlisting of WAFs to perform mobile app penetration testing, but there may be some instances where this is required to fully assess backend APIs.

Detection / Monitoring

While not required, it is recommended to have some level of system and security monitoring in place during a penetration test. This allows the customer to observe how their systems react to a simulated hack, providing valuable insights for the security team.

What is a pentest report?

After a penetration test, the observations, findings, results and recommendations are presented in a professional report hand-written by our experienced consultants.

Who is the report for?

The penetration test report is written so that it can be read by executives/board, managers and technical staff.

Compliance objectives

Penetration test reports can be used as supporting evidence for relevant compliance frameworks.

What’s in the report?

The penetration test report includes an executive summary, technical summary, technical findings, vulnerability details and recommendations on how to remediate all identified issues.

What format is the report in?

The penetration test report is securely delivered to you in PDF format.

The report is professionally laid out so it's easy for the customer to navigate.

Retest reports

Cybra offers an optional service to retest any vulnerabilities identified after you have had a chance to fix the issues. This is known as a retest, and an updated report is provided to you showing all remediated and non-remediated issues.
