Mobile Application Penetration TestGuilherme Farinassi
Full black-box mobile application penetration test for Android and iOS, following OWASP Mobile Top 10 and OWASP MASTG methodologies.
What's included:
- Static analysis (reverse engineering, code review, certificate pinning)
- Dynamic analysis (runtime instrumentation with Frida, traffic interception)
- Testing for insecure data storage, weak authentication, improper session handling
- Deep-link, IPC, and intent hijacking (Android); URL scheme and keychain abuse (iOS)
- Detailed report with CVSS scores, PoC screenshots, and step-by-step remediation
- Executive summary for non-technical stakeholders
- 1 retest after fixes (within 30 days)
Deliverables: PDF report + raw findings list. APK/IPA required. Communication via Contra messages throughout the engagement.
Guilherme's other services
Starting at$1,200
Duration2 weeks
Tags
Security Engineer
Service provided by
Guilherme Farinassi São Paulo, Brazil
Mobile Application Penetration TestGuilherme Farinassi
Starting at$1,200
Duration2 weeks
Tags
Security Engineer
Full black-box mobile application penetration test for Android and iOS, following OWASP Mobile Top 10 and OWASP MASTG methodologies.
What's included:
- Static analysis (reverse engineering, code review, certificate pinning)
- Dynamic analysis (runtime instrumentation with Frida, traffic interception)
- Testing for insecure data storage, weak authentication, improper session handling
- Deep-link, IPC, and intent hijacking (Android); URL scheme and keychain abuse (iOS)
- Detailed report with CVSS scores, PoC screenshots, and step-by-step remediation
- Executive summary for non-technical stakeholders
- 1 retest after fixes (within 30 days)
Deliverables: PDF report + raw findings list. APK/IPA required. Communication via Contra messages throughout the engagement.
Guilherme's other services
$1,200