Mobile Masterclass Part 2

Methodology of Mobile Application Penetration Testing

Discovery

The Discovery phase, also known as the Information Gathering phase, is the most important stage in any penetration test. This phase uncovers information about the application that is not visible at first glance.

What is gathered here contributes to the outcome of the mobile penetration test, whether it is successful or unsuccessful.

The processes included in this phase are as follows:

  • OSINT (Open Source Intelligence): This process helps the Security Consultant gather information about the application from the internet, using sources such as Shodan.io.
  • Client-Side vs Server-Side Case: The Security Consultant has to understand the nature of the application, whether it is native, hybrid or web.
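
A first pass at the native / hybrid / web question can be done from the APK archive alone. The following is an added example, not part of the original article: it assumes the file markers left by common cross-platform frameworks (listed in `HYBRID_MARKERS`), treats the result as a heuristic, and runs on constructed sample archives built in memory.

```python
import io
import zipfile

# Assumed markers: files commonly shipped in APKs by these frameworks.
HYBRID_MARKERS = {
    "Cordova/PhoneGap": ("assets/www/cordova.js",),
    "React Native": ("assets/index.android.bundle",),
    "Flutter": ("libflutter.so",),
    "Xamarin": ("libmonodroid.so",),
}


def classify_apk(apk_bytes):
    """Return (kind, frameworks) for an APK supplied as raw bytes."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        names = apk.namelist()
    if "AndroidManifest.xml" not in names:
        raise ValueError("not an APK: AndroidManifest.xml missing")
    found = sorted(
        fw for fw, markers in HYBRID_MARKERS.items()
        if any(n.endswith(m) for n in names for m in markers)
    )
    if found:
        return "hybrid", found
    # Bundled HTML with no known framework suggests a plain WebView wrapper.
    if any(n.startswith("assets/") and n.endswith(".html") for n in names):
        return "web wrapper (WebView)", []
    return "native", []


def build_sample(paths):
    """Build a constructed, empty-file APK-like zip for demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for p in paths:
            z.writestr(p, b"")
    return buf.getvalue()


if __name__ == "__main__":
    base = ["AndroidManifest.xml", "classes.dex"]
    samples = {
        "plain": base,
        "cordova": base + ["assets/www/index.html", "assets/www/cordova.js"],
        "flutter": base + ["lib/arm64-v8a/libflutter.so"],
        "wrapper": base + ["assets/index.html"],
    }
    for label, paths in samples.items():
        print(label, "->", classify_apk(build_sample(paths)))
```

The classification tells the tester where the application logic lives: in DEX bytecode, in bundled JavaScript or Dart, or on the server behind a WebView.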

Analysis

This phase can be considered a unique phase in which the Security Consultant analyzes the mobile application before and after installation.

The tools used during this phase are JD-GUI for Android and otool for iOS.

Exploitation/Testing

Within this phase, the Security Consultant tries to exploit the bug or weakness in order to gain access to the mobile device. With that access, the Security Consultant can then perform malicious activities on the mobile device.

Source: OWASP Mobile Top 10

Author: Wan Ariff

He brings with him more than 2 years of working experience in the Information Security field, specializing in Penetration Testing and Digital Forensics. His passion lies in IT Security.
