Methodology of Mobile Application Penetration Testing
The Discovery phase is the Information Gathering phase, and it is the most important stage in any penetration test. This phase uncovers information that is hidden from the naked eye of other people.
This contributes to the outcome of the mobile penetration test, whether it is successful or unsuccessful.
The processes included in this phase are as follows:
- OSINT (Open Source Intelligence): This process helps the Security Consultant gain information about the application via the internet, using sources like Shodan.io.
- Client-Side vs Server-Side Case: The Security Consultant has to understand the nature of the application, whether native, hybrid or web.
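One way to make the native-versus-hybrid call for an Android package during an authorised assessment, as an added example that is not part of the original page. The function names, the marker list and the sample archives are constructed for illustration, and grouping cross-platform toolkits under "hybrid" is an assumption of this example; a pure web application ships no package, so it never reaches this check.

```python
import io
import zipfile

# Default packaging locations for common frameworks. Cross-platform toolkits
# are grouped under "hybrid" here (an assumption of this example).
MARKERS = [
    (lambda n: n.startswith("assets/www/"), "Cordova/Ionic",
     "JavaScript under assets/www/"),
    (lambda n: n == "assets/index.android.bundle", "React Native",
     "JS bundle assets/index.android.bundle"),
    (lambda n: n.endswith("/libflutter.so"), "Flutter",
     "compiled Dart, lib/<abi>/libapp.so in release builds"),
]


def classify_apk(apk_bytes):
    """Return (category, framework, where_the_logic_lives) for an APK."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        names = apk.namelist()
    # An APK is a ZIP archive with a manifest at its root.
    if "AndroidManifest.xml" not in names:
        raise ValueError("not an APK: AndroidManifest.xml missing")
    for matches, framework, where in MARKERS:
        if any(matches(n) for n in names):
            return "hybrid", framework, where
    # No framework marker: application logic is in the DEX bytecode, which is
    # what a Java decompiler such as JD-GUI is pointed at after conversion.
    return "native", "Android SDK", "classes*.dex"


def sample_apk(extra_files):
    """Build a constructed, APK-shaped ZIP in memory (placeholder contents)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in ["AndroidManifest.xml", "classes.dex", *extra_files]:
            z.writestr(name, b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "cordova": ["assets/www/index.html", "assets/www/cordova.js"],
        "react-native": ["assets/index.android.bundle"],
        "flutter": ["lib/arm64-v8a/libflutter.so", "lib/arm64-v8a/libapp.so"],
        "plain": ["res/layout/main.xml", "lib/arm64-v8a/libcrypto.so"],
    }
    for label, files in samples.items():
        print(label, "->", classify_apk(sample_apk(files)))
```

The result tells the consultant where review time should go: web assets and bridge code for a hybrid build, decompiled bytecode for a native one.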
This phase can be considered a unique phase in which the Security Consultant analyses the mobile application before and after installation.
The tools used during this phase are JD-GUI for Android and otool for iOS.
Within this phase, the Security Consultant will try to exploit the bug or weakness in order to gain access to the Mobile Device. As a result, the Security Consultant will perform any malicious activities on the Mobile Device.