Institutions develop mobile applications in many programming languages. In some cases, they also meet their mobile application development needs through third-party companies. Within the scope of this service, we perform penetration tests, following international methodologies, on mobile applications developed by institutions themselves or by third-party companies on their behalf. Mobile application penetration tests can be run both in the corporate internal network and in the customer/personnel network. Mobile applications are tested using the profiling method, so that the weaknesses that can be exploited by users in each profile are identified and reported. The findings identified at the end of the tests, together with the methods for remediating them, are presented to the institution in a report. Mobile applications are tested with many test methods covering areas such as password storage, application weaknesses and insecure communication. The tests applied in this context are carried out on the basis of the OWASP methodology below.
OWASP Top 10 Mobile Security Risks:
- M1: Improper Platform Usage
- M2: Insecure Data
- M3: Insecure Communication
- M4: Insecure Authentication
- M5: Insufficient Cryptography
- M6: Insecure Authorization
- M7: Client Code Quality Issues
- M8: Code Tampering
- M9: Reverse Engineering
- M10: Extraneous Functionality