Mobile Application Penetration Testing

Expert Mobile Application Penetration Testers

Mobile devices have become an essential component of business and of general life in the 21st century. Almost all organisations publishing information through a web application extend this functionality to a mobile application. Exposing this information in an insecure manner can lead to a significant breach of sensitive information.

Triskele Labs conduct Penetration Testing of of mobile application to identify potential security issues that could be compromised to gain access to sensitive information presented by the mobile application. Our testing aligns with OWASP standards to ensure all areas are covered and nothing is left untouched.

Defensive Network
  • Real-Time Portal To Provide Ongoing Results
  • CREST Registered Penetration Testing Company
  • Daily Start And End Of Day Notices
  • Complimentary Re-Testing For All Engagements

Our methodology is second to none

Architecture Review

An architecture review of the mobile application will be conducted to understand its functionality and the communications methods that will be required. This will include identifying the requirements to test the application and communications back-end if present.

Threat Modelling

A threat model will be developed to understand the risks facing the mobile application. This will assist to understand the data that is present, if there is authentication and if an administrative backend is in place.

Prepare Test Cases

The Ethical Hacking Team will observe the application at the functional level and analyse its behaviour, including decrypting it if the application has been obfuscated. Extraction of what kind of frameworks have been used will further create the relevant test cases.

Static Analysis

Reverse engineering of the application will be conducted on the relevant platforms (Android or iOS). This will consist of automated and manual inspection of code through decompiling techniques. This will be conducted utilising tools such as dex2jar, JD-GUI, tool and class-dump-z. Automatic and manual source code analysis will be conducted utilising tools such as Androwarn, Andrubis, ApkAnalyser, Flawfinder and Clang Static Analyzer.

Dynamic Analysis

Run-time analysis of the mobile application will be conducted through passive networking monitoring and analysis. Where possible active network capturing and manipulating (WiFi and cellular) will be conducted. File activity analysis will be conducted through analysis of file system changes during the run-time. This will identify issues such as un-encrypted sensitive data being sent, user authentication bypass or stored user credentials.


Utilising the results of testing, Triskele Labs will report on issues identified. False positives are reduced throughout the process. All of our reports are provided to our clients through our secure portal, MyFiles.

Related case studies

Be part of the community and be the next to testify with your own results

Regional Australia Bank

As one of Australia's leading mutual banks, it is imperative Regional Australia Bank ensures appropriate cybersecurity controls are implemented. When they needed a cybersecurity partner, the team at Regional Australia Bank turned to Triskele Labs to draw on our vast experience and ensure proactive controls are implemented.

Read More

Our Testing Checklist

  • Architecture Design
  • Data Storage & Privacy
  • Cryptography Verification
  • Authentication & Session Management
  • Network Communication
  • Platform Interaction
  • Code Quality & Build Settings
  • Resiliency Against Reverse Engineering

Reduced Risk

It is critical to identify and resolve the risks to your application and information, before it goes into production and exposes the application to the world.

Protect Data

It is our goal to ensure that your most sensitive systems and data are protected and remain secure. Without Penetration Testing, you may be exposed.

Work With The Best

The Triskele Labs team have worked across Australia, New Zealand, Singapore, China and more. We understand our craft and know what to look for.

Australian Based Team

Unlike others who offshore their teams, all our Penetration Testers are located within our Australian offices and you can chat any time.

Well Scoped Projects

All our engagements are understood and scoped before testing ever commences. This ensures both teams have a mutual understanding.

Dedicated Project Manager

All projects commence with a kick-off to ensure both teams have key contact points and know what is happening at all times.

Keep in Touch

Triskele Labs is built on a partnership approach. We appreciate face to face discussions over a Video Conference and ensure regular touch points with all of our clients. Reach out today to discuss any of your cybersecurity needs.

  • Level 4, 210 Kings Way, South Melbourne VIC 3205 Australia
  • 130024CYBER

Customer Review