Mobile Application PenTest
- Identify product information, such as the libraries and frameworks in use
- Check that the identified libraries and frameworks are the current version with the latest patches applied
- Outdated components or known vulnerabilities (CVEs) in the identified products
- Access to the default URL or admin page of the identified product
- Hardcoded secrets (API keys, credentials) in the binary, resources or decompiled source
- Standard error handling (no stack traces or internal details leaked to the user)
- Cached sensitive data
- Sensitive or unnecessary data sent in plain text
- android:allowBackup flag disabled
- android:debuggable (DEBUG) flag disabled
- Sensitive data saved in plain text
- Log files stored securely with protection
- Sensitive data logged locally
- Improper platform usage, such as permissions, Touch ID, Keychain
- Insecure communication, such as SSL/TLS certificate validation and certificate pinning
- Insecure authentication and authorization
- Insufficient cryptography
- Resistance to reverse engineering
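Two of the checks above, the backup/debug flags in AndroidManifest.xml and hardcoded secrets or cleartext endpoints in decompiled sources, as an added Python example that is not part of this checklist. The manifests and source files below are constructed samples (not from any real app), the regexes are illustrative assumptions rather than a complete secret-detection ruleset, and the file layout assumes apktool/jadx output.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifests (not taken from any real app), in the form
# apktool leaves in AndroidManifest.xml after decoding an APK.
WEAK_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
    <application android:label="Example"
        android:allowBackup="true"
        android:debuggable="true"
        android:usesCleartextTraffic="true">
    </application>
</manifest>"""

HARDENED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
    <application android:label="Example"
        android:allowBackup="false"
        android:debuggable="false"
        android:usesCleartextTraffic="false">
    </application>
</manifest>"""


def check_manifest(xml_text):
    """Return human-readable findings for the backup/debug/cleartext flags."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    if app is None:
        return ["no <application> element in manifest"]

    def flag(name, default):
        # ElementTree keys namespaced attributes as {uri}localname.
        return app.get("{%s}%s" % (ANDROID_NS, name), default).lower()

    findings = []
    # allowBackup defaults to true when the attribute is absent, so an
    # unset flag is reported the same way as an explicit "true".
    if flag("allowBackup", "true") == "true":
        findings.append("allowBackup enabled: app data is extractable with adb backup")
    if flag("debuggable", "false") == "true":
        findings.append("debuggable enabled: a debugger can attach and run-as works on the app sandbox")
    # The default for usesCleartextTraffic depends on targetSdkVersion (true
    # below API 28), so only an explicit "true" is flagged; check targetSdk by hand.
    if flag("usesCleartextTraffic", "false") == "true":
        findings.append("usesCleartextTraffic enabled: plain HTTP connections are permitted")
    return findings


# Illustrative patterns (assumption, not an exhaustive list); ordered so the
# most specific pattern wins when several match the same line.
SECRET_PATTERNS = [
    ("AWS access key id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("Google API key", re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b")),
    ("secret in string resource",
     re.compile(r'(?i)<string\s+name="[^"]*(key|secret|password|token)[^"]*">[^<]{8,}</string>')),
    ("secret in assignment",
     re.compile(r"(?i)(api[_-]?key|secret|password|passwd|token)\s*[=:]\s*[\"'][^\"']{8,}[\"']")),
    ("cleartext URL", re.compile(r"\bhttp://[^\s\"']+")),
]

# Constructed decompiled sources in a jadx/apktool-style layout, not from any real app.
SAMPLE_SOURCES = {
    "sources/com/example/app/Config.java": (
        "public class Config {\n"
        '    static final String API_KEY = "AKIAIOSFODNN7EXAMPLE";\n'
        '    static final String BASE_URL = "http://api.example.com/v1";\n'
        "}\n"
    ),
    "res/values/strings.xml": (
        "<resources>\n"
        '    <string name="app_name">Example</string>\n'
        '    <string name="payment_secret">sk_live_0123456789abcdef</string>\n'
        "</resources>\n"
    ),
}


def scan_sources(files):
    """Return (path, line number, label) for each line matching a secret pattern."""
    hits = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for label, pattern in SECRET_PATTERNS:
                if pattern.search(line):
                    hits.append((path, lineno, label))
                    break  # one report per line, most specific pattern first
    return hits


if __name__ == "__main__":
    for finding in check_manifest(WEAK_MANIFEST):
        print("MANIFEST:", finding)
    for path, lineno, label in scan_sources(SAMPLE_SOURCES):
        print("SOURCE: %s:%d %s" % (path, lineno, label))
```

To run this against a real target, decode the APK with apktool (or open it in jadx) and feed the decoded AndroidManifest.xml to check_manifest and the source and res trees to scan_sources; every regex hit still needs manual confirmation, since test fixtures and placeholder keys produce the same matches as live credentials.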