Mobile Application Penetration Testing often has a different flow to web application or network testing. This is because not only do you get an application but you also get the software itself. This runs on a device you control and allows for a much wider attack surface. It also allows DE compilation of code and hooking of calls all in service of attacking the application. As such, mobile app pentesting requires an entirely different skill set, knowledge base and methodology. Most mobile application penetration tests rely on the OWASP-MASVS (Mobile Application Security Verification Standard). Senior application developers and hackers are responsible for developing this to ensure that applications meet minimum security requirements. The content in this blog comes from the OWASP-MSTG which is one of the most complete methodologies available.