Penetration Testing

Mobile Application Penetration Testing

Mobile Application Penetration Tests are human-led, scope-limited engagements that aim to find vulnerabilities within mobile applications and application programming interfaces (APIs).

These assessments will give an organisation a thorough understanding of the risk posed by their applications as well as detailed remediation guidance to ensure that the highlighted issues can be addressed and that systems can be hardened against any potential attack.

The following gives an overview of the stages of this type of assessment.

Mobile Application Methodology Summary

Application Mapping

We will review the full attack surface before continuing onto the security assessment, ensuring that we achieve both depth and breadth. This can include reviewing the assessment scope to ensure that no assets have been unintentionally missed from the assessment scope.

Application Vulnerability Discovery

We review the application for the presence of a range of vulnerabilities, including but not limited to those covered by awareness documents such as the OWASP Mobile Top 10.

The following list gives an indication of the types of vulnerability that can be discovered through this type of engagement:

  • Business logic issues
  • Improper Credential Usage
  • Inadequate Supply Chain Security
  • Insecure Authentication/Authorization
  • Insufficient Input/Output Validation
  • Insecure communication
  • Inadequate Privacy Controls
  • Insufficient Binary Protections
  • Security misconfiguration
  • Insecure Data Storage
  • Insufficient Cryptography
  • Unvalidated redirects
  • Weak account restrictions
  • Insecure file handling

Analysis and Exploitation

Where a vulnerability is discovered our testing report will include a full breakdown of the potential for exploitation thereby removing false positives, removing the guess work from grading vulnerability risks, and giving the steps to replicate the vulnerability to ensure that your technical teams fully understand each issue.


We don’t just focus on vulnerability discovery, but we also give significant detail on remediating discovered vulnerabilities and importantly, hardening systems against exploitation.

We offer a full suite of penetration testing services

In addition to Penetration Testing we also offer Cybersecurity Training and Cybersecurity Consultancy to offer a comprehensive suite of cybersecurity services.

Cybersecurity Training

Akimbo Core deliver cybersecurity workshops all around the UK, as well as remotely. Our workshops cover a range of topics from technical subjects such as how to get the most out of cybersecurity testing, to security awareness issues within businesses.

Cybersecurity Consultancy

From security architecture to security assessment, we offer a wide range of services to ensure the protection of your assets. We use a highly flexible methodology to ensure that our services are fully aligned to your needs, delivered by a bespoke team with the precise skills and depth of experience needed to understand your issues and then effectively deliver the desired outcome. With our security assurance services, you can have peace of mind knowing that your systems and data are well-protected.





    Play Cover Track Title
    Track Authors