Relying on the rich security knowledge base of the Asiainfo-SEC Service Team, a combination of automation and manual methods is used to perform client-side scanning, client-side static analysis, client-side dynamic analysis, and client-run runtime analysis to ensure that vulnerabilities are fully detected, known and unknown security risks are alerted, and corresponding security test reports are provided, with risk analysis and repair suggestions. Client testing includes checks of sensitive information, four major components, mobile application security policies, process security, and network communication security. Server-side testing refers to traditional web penetration testing as the cornerstone, combined with the characteristics of mobile terminals to perform rich and comprehensive security tests, not just regular web penetration tests. Under the user's authorization, a team of technical experts is responsible for implementing server-side security testing services, simulating the vulnerability discovery techniques and attack methods used by hackers as completely as possible, thoroughly investigating the security of target networks/systems/hosts related to mobile applications, and comprehensively evaluating the vulnerability of the server side. Code auditing in mobile app security testing means that a security code evaluator reads the source code of the mobile application as much as possible to help customers evaluate the current state of source code security, analyze related risks, and make safe and feasible repair suggestions. The technical method of code auditing can make up for vulnerabilities and security risks that are not fully covered by penetration testing and reverse cracking. It is a highly reliable and secure inspection method. Among them, the service includes: secure coding and development specifications, current status of source code security, and problem analysis.