
Does Edgescan support Mobile Application Security Testing (MAST)?

Yes. Edgescan supports mobile security testing on iOS and Android devices; this can include penetration testing, vulnerability scanning and forensic device analysis.

Version Number: v1.0.1

Published Date: 16 May 2024

____________________________________________________________________________

CTEM Phase 4: Validation

During the validation stage (Phase 4) of CTEM, the organization tests the effectiveness of its existing security controls against identified threats. MAST is an integral part of the CTEM process, as it is designed to validate the effectiveness of the security measures in place.

How the Mobile Application Security Testing process works:


  1. Edgescan starts with ingesting the API components used by mobile devices and applications into its platform.
  2. Then our vulnerability scanning engine builds a precise profile of each application and runs an assessment of the application and of the host-server layer.
  3. After the initial scan is completed, a manual penetration test is performed against the API/App to test for business logic vulnerabilities and vulnerabilities that legacy scanners cannot find.
  4. Edgescan then downloads a build of the native mobile application onto our test devices and begins deep testing and device forensics.
  5. All results are provided to the Edgescan platform, allowing for unlimited retesting and reporting, while ensuring data is safely stored, transmitted, and secured in your mobile environment.

Why perform mobile security testing?

  • Full stack security in one unified platform that combines API vulnerability assessment, pentesting, and mobile forensic analysis – simplifying daily operations.
  • Only real, prioritized and actionable results are delivered, eliminating the false-positive ‘noise’ – reducing costs and saving time.
  • Risk-rated results with prioritized remediation. Employs several risk scoring systems (i.e., CVSS, CISA KEV, EPSS) and our own Validated Security Score to risk-rate results.
  • Access to CREST-certified security analysts who will test and expedite the effective implementation of your cloud, network and mobile security strategy.
  • Meet compliance – Edgescan is a certified PCI ASV and delivers testing covering the OWASP Top 10, WASC threat classification, CWE/SANS Top 25.