** Mobile Application Penetration Testing for AWS Start Ups **

In today’s mobile world, the need for access to company resources on the go is growing. Many companies find themselves developing mobile applications under the pressures of high demand from customers and employees alike. Mobile applications have a number of components that can expose your data, cripple operations, and devastate your business.

A Mobile Application Penetration Test will provide a comprehensive analysis of the security features of the application and back-end components. This analysis will identify key areas within the application where security can be improved.

Mobile Application Penetration Testing Phases

** 1. Planning and Preparation** Before starting a Mobile Application Security Assessment, a review the tester meets directly with the client and discusses any specific areas of concern. Rhymetec typically tests against as a normal user and will start the assessment without any additional information other than the mobile application store location and account type desired.

** 2. Discovery ** The tester will attempt to disassemble the application package file and determine paths the application takes locally on the device and over the backend API. Both static and dynamic analysis tools are used to determine the full footprint of the application and potential areas of concern.

** 3. Penetration Attempt and Exploitation ** Both automated and manual testing are performed against the mobile application to determine if any data leakage can occur locally or through the device. Additionally the application is checked for unsafe practices and weaknesses in the API that the mobile application uses. The OWASP MSTG (Mobile Security Testing Guide) is to create test cases for this phase.

** 4. Analysis and Reporting ** The tester will input findings into the internal documentation system as the test progresses. Examples of exploits and weaknesses are presented in a standardized report that include details about findings and how to remediate them. The report is created with both an executive summary for C-Level staff and detailed findings areas where developers can take action on findings.

What to Expect All findings are reviewing before being added to your report. You have direct contact with the penetration testers through the process to address all inquiries. In addition to a detailed finding report, Rhymetec deliverables will also Include:

• Company background
• Scoping and Testing Parameters
• Executive Summary
• Overview Chart and Table of Findings