We perform a quick application tour before preparing a price quote. During the tour we will be doing passive analysis (no testing involved, just observation) and collecting some basic information and statistics. These are mainly:

• The number of API calls in the mobile application
• The number of parameters submitted
• Technologies being used (E.g.: Web Sockets, transaction signing, SSL pinning, anti-VM countermeasures, root/jailbreak detection, etc.)
• The number of different user roles in the application

Because the app tour does not involve any offensive activities, it can be safely performed on the production instance.

The tour also requires that we have the necessary credentials to access all the pages and functionality that will be included in the test scope.

Once the information is collected, we will calculate the amount of manual effort needed (in “man/day” units) to complete the penetration test.

We will then email you a formal price quote, which will be based on Effort (in man/days) x Daily Charge.