Mobile Application PenTest

Information Gathering
Identify the product information, such as library and framework in use
Those used libraries and framework is the up-to-date version & applied the latest patches
Outdated components or known vulnerability (CVE) found in the identified product
Access to the default URL or admin page of the identified product
Any hardcoded secrets (API Key, Credentials)
Application Analysis
Standard Error Handling
Cached sensitive data
Any sensitive or unnecessary data send in plain text
ALLOWBACKUP flag disabled
DEBUG flag disabled
Data Storage
Saved sensitive data in plain text
Log files securely stored with protection
 Logging any sensitive data locally
​
Backend API Server
​
·         Reference to the Web Application PenTest – Service API 

Penetration Testing Checklists - Previous

Network/System PenTest

Next - Red Team (Windows)

01 Reconnaissance

Last modified 2mo ago

Copy link

Contents

Information Gathering

Application Analysis

Data Storage

Backend API Server