Mobile and Web Application Security Assessment Services

Examining the security of your web and mobile applications

Web and Mobile Application Penetration Assessments both involve simulating real-world attacks to provide a current view of vulnerabilities and threats to the web and mobile application.

  • Web and mobile application penetration testing will begin with a discovery process utilizing Nexpose and other mobile-platform appropriate tools and utilities to develop a baseline profile of accessible services, ports and systems as targets for further penetration testing.
  • Once a baseline of information is gathered, Rapid7 uses Metasploit Pro and other platform specific tools for web and mobile application penetration testing to attempt to:
    • Identify weaknesses in the default installation
    • Bypass authentication and authorization mechanisms
    • Escalate privileges
    • Access and modify data or data presentation
    • Identify security weaknesses leading to inappropriate access, unintended application use, and loss of data integrity

Attack vectors used in our mobile and web application penetration testing services include data validation (SQL injection, Cross-Site Scripting, buffer overflows, etc.), session management, access controls (authentication and authorization controls), use of cryptography, and use of third-party components (patching, configuration errors, et cetera).

Web and mobile application penetration testing provides you with:

  • An understanding of real-world risks posed to the organization from the perspective of an attacker, going beyond the limitations of automated scanning.
  • A prioritized risk rating (DREAD framework) that takes multiple business-driven criteria into account.
  • Direct communication with an offensive security expert with years of industry experience and with direct access to the product team of the most widely used penetration testing framework.

To learn more about our web and mobile penetration assessment services contact us today.

Contact us