• Define the scope: First, we identify the client’s needs by establishing a scope of their requirements. This stage involves closely examining and identifying applications and domains , authorization credentials, applicable IP addresses, all in-scope binaries like .ipa or .apk, the URLs dedicated for in-scope API servers, and such.
• Determine the exclusions: After defining the scope, we put together a list of exclusions that may include sensitive information or are simply restricted. These parts are not scanned or utilized in our assessment.
• Determine the testing period and review the rules of engagement: In this step, we discuss and finalize the project’s timeline with the client. We also discuss and confirm the scope, limitations, and testing objectives for the assessment, while addressing any concerns the client might have.

• Open-source intelligence gathering: After the initial scope is finalized, we start gathering intelligence on the target through various sources. The first thing we look for is publicly available information and resources about the target and any inherent weaknesses. This exercise extracts critical information about the software, user profiles, email addresses, and even online forums used by the target.
• Understanding the platform: In this step, we study the target platform to develop a better understanding of what we’re working with. For that, we decompile the code for each of the app binaries provided. We then scan that data for useful intelligence and information such as comments or fixed values. This helps us find loopholes and weaknesses in the code that we can exploit.
• Client-side vs server-side scenarios: A lot of data can be accessed through an application. Sometimes confidential data is accidentally made public. We check for any private data that is available publicly and can be leveraged, such as salary details, in-house conversations, company schedules, and any other potentially harmful information.

When it comes to testing mobile applications, things work a little differently. Our penetration testers assess and compare the applications pre and post-installation. Discrepancies can sometimes be found during such comparisons. Our evaluation and assessment methodology includes:

• File system analysis – Breaches often occur in local files written on the file system. They are scanned and evaluated thoroughly to make sure they are secure.
• Package analysis – Our testers then unpack the compressed installation bundles for both Android and iOS and analyze them to make sure that the compiled binary configurations are not modified in any way.
• Reverse engineering – In this step, we decompile and dissect the application’s source code to understand how it is actually working and look for inherent vulnerabilities. However, as Android applications may be changed and modified after installation, that makes them especially prone to breaches.
• Static analysis – As executing applications isn’t a part of our static analysis, we only assess the provided files and source code.
• Dynamic analysis – As part of our dynamic analysis, we execute the application and conduct a detailed forensic evaluation of how it communicates with the server, the file system, and the IPC as needed. A detailed review includes a complete assessment of all application components.
• Inter-process communication endpoint analysis

• Initial Attack: After we are done with the assessment phase, we simulate an attack on the application using the exploits and loopholes found earlier. This helps determine the risk-level of your app and the effectiveness of chained exploits/attacks. Apart from this, authorization bypasses, direct object references, logic failures that require manual identification are evaluated as well.
• Assessing the Scale of Penetration: The information gathered earlier now comes into play. Our tester uses that intelligence to simulate malicious activities, gain confidential info, and privileged user rights (root) while disabling security measures to assess the scale of the potential penetration. This is why effective intelligence gathering is crucial.

• After the conclusion of the assessment, Di8it compiles the findings of the assessment in a detailed, customized report. It includes the information gathered on plausible attack vectors, vulnerabilities, and hidden exploits. We also provide a detailed summary of the risk factors involved to highlight the risk-level of the mobile application, as well as suggestions for further improvements and enhancements. The report follows our standardized reporting format to ensure clear communication of our findings, and to help your development team and security.
• Remediation Testing: We also offer remediation testing once the client has implemented the recommended security patches and fixes. This helps ensure effective remediation.
• engineers implement effective remedial updates.