CREST OVS Accredited Mobile App Testing

Secure your mobile applications with penetration testing services delivered by our CREST and OSCP-qualified testers.

Our services cover iOS and Android applications, with both authenticated and unauthenticated testing.

We’ll provide a detailed report, recommendations, a telephone debrief and post-test guidance.

We will also provide you with a free retest for remediated issues.


03330 500 111

Our Mobile App Penetration Testing Accreditations

  • CREST Accredited for Pen Testing
  • Vulnerability Scanning
  • OVS Mobile Accredited
  • OVS Apps Accredited

Our Approach

Test Scoping

We'll help you determine the right tests and scope based on your objectives

Proposal & Quote

You'll get a written proposal and quote tailored to your requirements


Statement of Work

We'll prepare an SoW covering testing deliverables and prerequisites

Testing Work

Your tester will deliver the work, staying in contact with you throughout


Detailed Report

You'll get a detailed report setting out our findings and recommendations


Post Test Debrief

We'll arrange a call to discuss our report and answer your questions

Remediation Advice

We'll remain available to you to provide remediation advice and guidance

Free Retest

When you've fixed the issues identified in the test, we'll retest them for you

Mobile Application Penetration Testing Methodologies Guidance

Read our blog on Mobile Application Penetration Testing Methodologies Guidance where our head of practice Alex Harper discusses the most common vulnerabilities in mobile applications and why mobile application tests are important.

Testing Methodology

Application Architecture Review

We’ll start with a static analysis of the app and determine frameworks and libraries in use, identify entry points and map execution paths.

Application Testing

Your tester will assess the application in accordance with the Open Web Application Security Project Mobile Testing Guide (OWASP-MTG) methodology, covering the following areas:

  • Local Storage
  • Endpoint Communication
  • Authentication/Authorisation
  • Session Management
  • Interaction with Mobile Platform
  • Code Quality and Exploit Mitigation
  • Cryptography
  • Business Logic
  • Anti-Reversing and Anti-Tampering

Testing Includes

Depending on the agreed pen testing scope, our testing activities will include the following and more:

  • Data Storage Determination
  • Key Storage Testing
  • Shared Storage Testing
  • API Key Handling Testing
  • Data in Transit Testing
  • Encrypted Credential Testing
  • Default Credential Testing
  • Lockout Testing
  • Authentication Bypass Testing
  • Password Policy Testing
  • Session Token Storage Testing
  • Role Definition Testing
  • User Registration Process Testing
  • Session Management Testing
  • Logout Testing
  • Session Timeout Testing
  • API Testing
  • Injection Testing
  • Cryptography Testing
  • Validation Testing
  • Integrity Check Testing
  • Decompilation Testing
  • Rooted Device Testing
  • Injection & Recompilation Testing

About Us

Our experienced team work from offices in London, Southampton and Manchester and remotely across the UK. Our testers are CREST accredited and have multi-industry experience.
