Testing Mobile Devices
The use of mobile devices - iOS and Android - is increasing throughout the enterprise. Core Impact provides the following ways in which testers can evaluate the security of these devices, which serve as both keepers of and conduits to sensitive data.
Mobile Device Client-Side Testing
Similar to the traditional client-side testing available in Core Impact, testers can target mobile devices (iOS, BlackBerry, Android) with client-side attacks. By simulating a client-side attack, you are able to determine a) whether your user community is cautious when receiving links from external sources and b) the security of the mobile devices themselves. Android Agents are available to specifically target and prove the vulnerability of common Android mobile devices.
To perform a Mobile Device Client-side test, follow the steps outlined in the Client-Side RPT. During the Attack and Penetration configuration, you will have the option to configure how you wish to test mobile devices.
Mobile Application Backend Testing
When a user runs an application (app) on a mobile device, that app typically requires a connection to a backend server. For example, an app providing the weather will need to connect to a remote server using web services in order to receive the latest weather data, then display it on the mobile device.
When performing Mobile Application Backend Testing in Core Impact, you are essentially running a WebApps test in which Core Impact sits between a mobile app and its backend server. Core Impact then harvests the requests the app makes to the server and uses them as baselines to test the target backend web services and try to identify vulnerabilities in them. This simulates what a malicious person may do in order to exploit and extract information from the servers.
With Core Impact Mobile Application Backend Testing capabilities, you can make sure that the web services used as the backend of your mobile app are not vulnerable to a malicious attack. Use the Interactive crawling of a mobile application backend option when performing WebApps Information Gathering in order to leverage Core Impact's web services testing capabilities to further extend your penetration testing practice.
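The harvesting step described above, as an added illustration that is not Core Impact's own code: captured requests from a mobile app (a constructed weather-app sample, not real traffic) are collapsed into one baseline record per backend endpoint, recording the parameter names seen and whether any request lacked an Authorization header or travelled over plain HTTP, which is the inventory a tester or defender starts from.

```python
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

@dataclass
class Baseline:
    """One backend web-service endpoint seen in the harvested traffic."""
    method: str
    host: str
    path: str
    params: set = field(default_factory=set)   # query/body parameter names observed
    authenticated: bool = False                 # some request carried Authorization
    cleartext: bool = False                     # some request went over plain http

def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, target, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body

def harvest(captures):
    """Collapse captured (scheme, raw_request) pairs into per-endpoint baselines."""
    baselines = {}
    for scheme, raw in captures:
        method, target, headers, body = parse_request(raw)
        url = urlsplit(target)
        key = (method, headers.get("host", ""), url.path)
        b = baselines.setdefault(key, Baseline(*key))
        b.params.update(parse_qs(url.query, keep_blank_values=True))
        if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
            b.params.update(parse_qs(body, keep_blank_values=True))
        b.authenticated |= "authorization" in headers
        b.cleartext |= scheme == "http"
    return baselines

# Constructed sample capture (not real traffic): a weather app fetching forecasts and saving a location.
CAPTURED = [
    ("https", "GET /api/v2/forecast?city=Boston&units=metric HTTP/1.1\r\n"
              "Host: weather.example.com\r\nAuthorization: Bearer t0k3n\r\n\r\n"),
    ("https", "GET /api/v2/forecast?city=Denver HTTP/1.1\r\n"
              "Host: weather.example.com\r\nAuthorization: Bearer t0k3n\r\n\r\n"),
    ("http",  "POST /api/v2/locations HTTP/1.1\r\nHost: weather.example.com\r\n"
              "Content-Type: application/x-www-form-urlencoded\r\n"
              "Content-Length: 21\r\n\r\ncity=Boston&default=1"),
]
```

`harvest(CAPTURED)` yields two baselines: the authenticated forecast endpoint with parameters `city` and `units`, and the locations endpoint, which this sample shows being called without credentials over cleartext and so deserves a closer look first.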