03330 500 111 hello@evalian.co.uk Client Portal

CREST Accredited Mobile App Testing

Secure your mobile applications with penetration testing services delivered by our Tigerscheme and OSCP qualified testers.

Our services cover iOS and Android applications and authenticated and unauthenticated testing.

We’ll provide a detailed report, recommendations, a telephone debrief and post test guidance.

We will also provide you with a free retest for remediated issues.

REQUEST MORE INFORMATION
  • CREST Accredited for Penetration Testing
  • CREST, Tigerscheme, Cyberscheme & OSCP Testers
  • Best Practice Testing Methodology
  • Detailed Test Report & Remediation Guidance
  • Call to Discuss Findings & Recommendations
  • Free Retest for Remediated Vulnerabilities
  • Affordable Rates & Flexible Engagements

Contact us for information and pricing.

03330 500 111

hello@evalian.co.uk

Our Qualifications

Pen Test Certs

I’ve engaged with Evalian for the first time and have been very impressed. They have assisted us with a number of Information Security Projects from Penetration Tests through to a comprehensive GDPR compliancy assessment. Evalian have a deep understanding of the fields they work in. Commercially, Evalian are very competitive and I would highly recommend their services.

Dave Clarke, CTO, BES Utilities

Our Approach

Data Mapping

Test Scoping

We'll help you determine the right tests and scope based on your objectives

Evalian Assessment

Proposal & Quote

You'll get a written proposal and quote tailored to your requirements

DPIA

Statement of Work

We'll prepare an SoW covering testing deliverables and prerequisites

End Point Build Assessment

Testing Work

Your tester will deliver the work, staying in contact with you throughout

ICO

Detailed Report

You'll get a detailed report setting out our findings and recommendations

DPO

Post Test Debrief

We'll arrange a call to discuss our report and answer your questions

Mobile application Testing

Remediation Advice

We'll remain available to you to provide remediation advice and guidance

Vulnerability Assessments

Free Retest

When you've fixed the issues identified in the test, we'll retest them for you

Trusted By

SoloProtect Logo Alterian New BES Utilities Softcat New Wiggin Logo

Testing Methodology

Application Architecture Review

We’ll start with a static analysis of the app and determine frameworks and libraries in use, identify entry points and map execution paths.

Application Testing

Your tester will assess the application in accordance with the Open Web Application Security Project Mobile Testing Guide (OWASP-MTG) methodology, covering the following areas:

  • Local Storage
  • Endpoint Communication
  • Authentication/Authorisation
  • Session Management
  • Interaction with Mobile Platform
  • Code Quality and Exploit Mitigation
  • Cryptography
  • Business Logic
  • Anti-Reversing and Anti-Tampering

Testing Includes

Depending on the agreed scope, our testing activities will include the following and more:

Data Storage Determination
Key Storage Testing
Shared Storage Testing
API Key Handling Testing
Data in Transit Testing
Encrypted Credential Testing
Default Credential Testing
Lockout Testing
Authentication Bypass Testing
Password Policy Testing
Session Token Storage Testing
Role Definition Testing
User Registration Process Testing
Session Management Testing
Logout Testing
Session Timeout Testing
API Testing
Injection Testing
Cryptography Testing
Validation Testing
Integrity Check Testing
Decompilation Testing
Rooted Device Testing
Injection & Recompilation Testing

About Us

Evalian provides penetration testing, security assessment and data protection services to organisations of all sizes in the UK and globally.

Our experienced team work from offices in London, Southampton and Manchester and remotely across the UK. We are certified to ISO 27001 and ISO 9001 and CREST accredited for penetration testing.

If you need a quote, example reports, or just want some advice we’d be pleased to help. Contact us today for more information.

icon

Need Testing Advice?

Contact us now for a friendly, no-obligation discussion or to request more information about our penetration testing and security assessment services.

Contact Us