Mobile Application PenTest

Information Gathering

  • Identify the product information, such as the libraries and frameworks in use
  • Libraries and frameworks in use are at the current version with the latest patches applied
  • Outdated components or known vulnerabilities (CVEs) in the identified products
  • Access to the default URL or admin page of the identified product
  • Any hardcoded secrets (API Key, Credentials)
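The last item, hardcoded secrets, is usually checked by searching decompiled sources and resource files for credential-shaped strings. The following is an added example (not part of the original checklist) of such a scan in Python: it applies a few shape patterns (an AWS-style access key ID, a generic key/secret/token/password assignment, an HTTP Basic header) and filters the generic matches by Shannon entropy so that obvious placeholders are not reported. The sample source and every value in it are constructed for the example.

```python
import math
import re

# Shapes of commonly hardcoded secrets. The generic pattern captures the value
# after an assignment such as API_KEY = "..."; the other two are specific enough
# to report without an entropy check.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "generic_api_key": re.compile(
        r"""(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*["']([^"']{8,})["']"""
    ),
    "basic_auth_header": re.compile(r"Basic\s+([A-Za-z0-9+/]{16,}={0,2})"),
}


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; placeholders like 'changeme' score low."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def find_hardcoded_secrets(source: str, min_entropy: float = 3.0):
    """Return (kind, line_number, value) for each candidate secret in source.

    Generic assignment matches below min_entropy are dropped as likely
    placeholders; pass min_entropy=0.0 to see every match.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for kind, pattern in SECRET_PATTERNS.items():
            for m in pattern.finditer(line):
                # group(0) for patterns without a capture group, else the last group
                value = m.group(m.lastindex or 0)
                if kind == "generic_api_key" and shannon_entropy(value) < min_entropy:
                    continue
                findings.append((kind, lineno, value))
    return findings


# Constructed decompiled-source snippet; none of these values are real credentials.
SAMPLE_SOURCE = """\
public class Config {
    static final String API_KEY = "sk_test_AbCdEf1234567890XyZ";   // constructed
    static final String AWS_KEY = "AKIAEXAMPLEEXAMPLE01";         // constructed
    static final String PASSWORD = "changeme";                      // low-entropy placeholder
    static final String AUTH_HEADER = "Basic dXNlcjpwYXNzd29yZDEyMw==";  // constructed
}
"""

if __name__ == "__main__":
    for kind, lineno, value in find_hardcoded_secrets(SAMPLE_SOURCE):
        print(f"line {lineno}: {kind}: {value}")
```

With the default threshold the scan reports the API key, the AWS key ID and the Basic header but not the `changeme` placeholder; run with `min_entropy=0.0` to list every assignment for manual review, since a low-entropy hardcoded password is still a finding.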

Application Analysis

  • Standard Error Handling
  • Cached sensitive data
  • Any sensitive or unnecessary data sent in plain text
  • ALLOWBACKUP flag disabled
  • DEBUG flag disabled
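The backup, debug and plain-text items above are all visible in the decoded AndroidManifest.xml. The script below is an added example, not part of the original checklist, that audits the `<application>` attributes `android:allowBackup`, `android:debuggable` and `android:usesCleartextTraffic`. It assumes the binary manifest has already been decoded to text (for example with apktool) and treats a missing `allowBackup` as enabled, because that is the platform default. The three manifests are constructed for the example, with a weak one beside a hardened one.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def _android_attr(elem, name):
    """Read an attribute from the android: namespace, or None if absent."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def _is_true(value, default=False):
    return default if value is None else value.strip().lower() == "true"


def audit_manifest(manifest_xml: str) -> dict:
    """Return {check: True if the risky setting is in effect} for the manifest."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        raise ValueError("manifest has no <application> element")
    return {
        # Missing attribute means the platform default, which is true.
        "allowBackup": _is_true(_android_attr(app, "allowBackup"), default=True),
        # Normally injected by debug build types; must not appear in a release build.
        "debuggable": _is_true(_android_attr(app, "debuggable"), default=False),
        # Only an explicit "true" is reported here; the default for an unset
        # attribute depends on targetSdkVersion, so that case needs a manual look.
        "usesCleartextTraffic": _is_true(_android_attr(app, "usesCleartextTraffic"), default=False),
    }


# Constructed manifests; the package name is a placeholder.
WEAK_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <application android:allowBackup="true" android:debuggable="true"
               android:usesCleartextTraffic="true">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>
"""

HARDENED_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <application android:allowBackup="false" android:usesCleartextTraffic="false">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>
"""

# No attributes at all: allowBackup falls back to the platform default (true).
DEFAULTS_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <application>
    <activity android:name=".MainActivity"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for label, xml_text in (("weak", WEAK_MANIFEST), ("hardened", HARDENED_MANIFEST)):
        for check, risky in audit_manifest(xml_text).items():
            print(f"{label}: {check}: {'FINDING' if risky else 'ok'}")
```

The hardened manifest sets `allowBackup="false"` explicitly and omits `debuggable`, which is the state a release build should be in; the defaults-only manifest still reports `allowBackup` because silence is not the same as disabling it.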

Data Storage

  • Sensitive data saved in plain text
  • Log files stored securely with access protection
  • Any sensitive data logged locally

Backend API Server

  • Refer to the Web Application PenTest – Service API