Mobile Application Pentest - identify vulnerabilities in mobile applications

Simulating a real attack
White Box, Gray Box и Black Box
Recommendations for addressing vulnerabilities
Post-penetration support

What is a pentest
of mobile apps

Attacks on mobile applications can lead to disruption of their operation, identity theft, breach of privacy and financial losses to users. As a result, the attacker's actions result in loss of user trust and damage to the reputation of developers and the Company as a whole.

Pentest of mobile applications consists in checking their security level: testing for vulnerabilities in server and client parts, excessive access rights, presence of logical errors, testing for resistance to data leakage. During the work we use different testing methods (White Box, Grey Box, Black Box.

When you need testing

Before releasing the mobile app

Pentest will help identify potential vulnerabilities, allowing remedial action to be taken before it is in the hands of the user

Regular safety inspections

Regular pentests allow to detect new vulnerabilities and take timely measures to eliminate them

After significant changes to the mobile app

When making significant changes to a mobile application, a pentest will help ensure that these changes do not lead to new vulnerabilities

The result is the Report, which consists of


A general description of the pentest results without using specialized terminology, but with an assessment of the criticality of the identified vulnerabilities.

Technical report

Contains information about the vulnerabilities found, how they are reproduced and scenarios of their exploitation. The Report also contains detailed information on how to remediate the found vulnerabilities.

Expert opinion

This section contains information on individual ways to improve the level of information security taking into account the Client's business processes.

What to do with the Report


Analyze the results

Carefully review the report to understand the vulnerabilities identified, potential consequences, and recommendations for remediation

Develop an action plan

Create an action plan to address identified vulnerabilities. Establish timelines and responsible parties to ensure an appropriate response to each issue

Fix the vulnerabilities

Take measures to address identified vulnerabilities in accordance with the developed action plan

Repeat the test

After the vulnerabilities have been fixed, repeat the pentest to ensure that the issues have been successfully fixed and the system is now secure

Update policies and procedures

Based on the results of the pentest, update security policies and procedures

Train staff

Conduct employee training to raise awareness of risks and security best practices

Benefits of ITGLOBAL.COM Security


External pentest is performed by specialists who have international certificates: OSCP, OSCE, OSWE, CEH


World standards

Pentest of mobile applications is conducted according to the global methodologies of OWASP Mobile Security Testing Guide and OWASP Top 10


Proprietary testing methods

Having more than 25 proprietary mobile app pentesting methodologies

Post-service support

We continue to advise you after the pentest to help address vulnerabilities identified in the process


Proven experience

10 years of practical experience, real cases of our clients and all necessary FSB and FSTEC licenses

Frequently Asked Questions

What is a pentest?

A pentest is a method of assessing the security of IT infrastructure or information systems using techniques and tools similar to those that attackers might use
Types of pentests
  • External pentest is a simulation of the actions of an attacker who has illegally penetrated the IT infrastructure from the external environment
  • Internal pentest is a simulation of the actions of an attacker, from the perspective of an internal user or employee who has access to the IT infrastructure or information systems
  • Web application pentest is a simulation of the attacker's actions aimed at identifying vulnerabilities that can be exploited to gain unauthorized access to data, functionality or resources of a web application.
  • Pentest of a mobile application is a simulation of an attacker's actions aimed at identifying vulnerabilities that can be used to gain unauthorized access to data, functionality or resources of a mobile application.

What are the techniques for conducting pentests?

  • White Box - simulates the actions of an employee who holds a responsible position and has specialized skills.
  • Gray Box - simulates the actions of an employee with basic access to the company's infrastructure and services.
  • Black Box - simulates an attack by an attacker who knows nothing about the company's infrastructure, only its name.

How does pentest differ from security analysis and IS audits?

Security analysis allows you to find all known and unknown vulnerabilities in your IT infrastructure IS audit allows you to assess the current state of the Client's information security processes and get an objective assessment of their maturity Pentest allows you to find all known and unknown vulnerabilities in your IT infrastructure and perform attacks using them.
Our clients

Pentest mobile apps.
Order a service

You agree to the terms of the privacy policy
We use cookies to optimise website functionality and improve our services. To find out more, please read our Privacy Policy.
Cookies settings
Strictly necessary cookies
Analytics cookies