Pentest of mobile applications — we identify vulnerabilities in mobile applications

Imitation of a real attack
White Box, Gray Box and Black Box
Recommendations for fixing vulnerabilities
Support after the pentest

What is a pentest of mobile applications?

Attacks on mobile applications can lead to disruption of their operation, theft of personal data, violation of privacy and financial losses of users. As a result, the actions of an attacker lead to a loss of user trust and damage the reputation of developers and the Company as a whole.

A pentest of mobile applications checks how secure they are: testing for vulnerabilities in the server and client parts, abuse of authority in access rights, the presence of logical errors, and resistance to data leakage. Different testing methods are used in the course of the work (White Box, Gray Box, Black Box).

When testing is needed

Before the release of the mobile app

The pentest will help identify potential vulnerabilities, which will allow you to take measures to eliminate them before the app ends up in the hands of the user.

Regular security checks

Conducting regular pentests allows you to detect new vulnerabilities and take timely measures to eliminate them

After significant changes in the mobile application

When you make significant changes to the mobile application, a pentest will help ensure that these changes have not led to new vulnerabilities.

The result is a Report that consists of

Summary

A general description of the results of the pentest without using specialized terminology, but with an assessment of the criticality of the identified vulnerabilities. 

Technical Report

It contains information about the vulnerabilities found, how to reproduce them, and scenarios for their exploitation. The Report also contains detailed information on how to fix the vulnerabilities found.

Expert opinion

This section contains information on individual ways to increase the level of information security, taking into account the Client's business processes.

What to do with the Report

01

Analyze the results

Carefully review the report to understand the identified vulnerabilities, potential consequences and recommendations for their elimination
02

Develop an action plan

Create an action plan to eliminate the identified vulnerabilities. Set deadlines and responsible persons to ensure an appropriate response to each problem
03

Fix vulnerabilities

Take measures to eliminate the identified vulnerabilities in accordance with the developed action plan
04

Repeat testing

After fixing the vulnerabilities, repeat the pentest to make sure that the problems have been successfully fixed and the system is now protected.
05

Update policies and procedures

Based on the results of the pentest, update the security policies and procedures
06

Train the staff

Conduct employee training to increase awareness of risks and best security practices

Advantages of ITGLOBAL.COM Security

Certificates

External pentest is performed by specialists who have international certificates: OSCP, OSCE, OSWE, CEH

World standards

We conduct a pentest of mobile applications according to the global OWASP Mobile Security Testing Guide and OWASP Top 10 methods

Own testing methods

Availability of more than 25 proprietary methods for conducting pentests of mobile applications

Support after the service is provided

We continue to advise you after the pentest to help eliminate the vulnerabilities identified during the process.

Proven experience

10 years of practical experience, real cases of our clients and all the necessary licenses of the FSB and FSTEC

Frequently Asked Questions

What is a pentest?

Pentest is a method of assessing the security of IT infrastructure or information systems, using techniques and tools similar to those that can be used by attackers.

Types of pentests

  • External pentest is a simulation of the actions of an attacker who has illegally penetrated the IT infrastructure from the external environment
  • Internal pentest is a simulation of the actions of an attacker, from the position of an internal user or employee who has access to the IT infrastructure or information systems
  • A web application pentest is a simulation of an attacker's actions aimed at identifying vulnerabilities that can be used to gain unauthorized access to data, functionality, or resources of a web application.
  • A mobile application pentest is a simulation of an attacker's actions aimed at identifying vulnerabilities that can be used to gain unauthorized access to data, functionality, or resources of a mobile application.

What are the methods of conducting pentests?

  • White Box — mimics the actions of an employee who holds a responsible position and has specialized skills.
  • Gray Box — simulates the actions of an employee with basic access to the company's infrastructure and services.
  • Black Box — an attack is simulated by an attacker who knows nothing about the company's infrastructure, only its name.

How does pentest differ from security analysis and information security audit?

Security analysis allows you to find all known and unknown vulnerabilities in your IT infrastructure. Information security audit allows you to assess the current state of the Client's information security processes and get an objective assessment of their maturity. Pentest allows you to find all known and unknown vulnerabilities in your IT infrastructure and carry out attacks using them.