How to Get Started as a Mobile Penetration Tester

If you’re reading this, you’re probably interested in penetration testing mobile devices but aren’t sure where to start. In this article, we’ll talk about some of the background knowledge that a mobile pentester will need, how to get a practice environment set up, and ways to improve your chances of landing a job as a mobile pentester.

Background Knowledge

Mobile pentesting is like most jobs in that you need to know some basics and have certain skills before you can begin to get deep into the field. When starting out in mobile testing, it’s useful to have a background in general penetration testing, some basic programming skills and a couple of non-technical “soft skills.”

Penetration Testing

It’s not strictly necessary for an aspiring mobile penetration tester to have a background in IT or general penetration testing, but it can definitely help. Mobile apps share many characteristics with web applications, so knowledge of or a background in web application testing can be beneficial for a mobile pentester.

A good starting point for building up the necessary skill set is checking out the Open Web Application Security Project (OWASP) Top Ten lists. OWASP publishes a list of the Top Ten Web Application Vulnerabilities and the Mobile Top Ten. Becoming familiar with the vulnerabilities included in these lists is a great way to start getting into mobile pentesting.

Programming

Many automated tools exist for mobile and web app penetration testing, and knowing how to run them and process their output is important for a pentester. However, at some point it will be necessary to look at the source code of some application on the target machine. The ability to read, if not write, Java and Objective-C is helpful for a mobile penetration tester evaluating Android and Apple ...

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Howard Poston. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/peoFpYs9aiQ/