Mobile Application PenTest
- Identify product information, such as the libraries and frameworks in use
- Libraries and frameworks in use are up to date and have the latest patches applied
- Outdated components or known vulnerabilities (CVEs) found in the identified product
- Access to the default URL or admin page of the identified product
- Any hardcoded secrets (API Key, Credentials)
- Standard Error Handling
- Cached sensitive data
- Any sensitive or unnecessary data sent in plain text
- ALLOWBACKUP flag disabled
- DEBUG flag disabled
- Sensitive data saved in plain text
- Log files securely stored with protection
- Logging any sensitive data locally
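
The ALLOWBACKUP and DEBUG items can be checked mechanically. The following is an added example, not part of the original checklist. It assumes an Android app whose manifest has already been decoded to plain-text XML, and that the two flags correspond to the `android:allowBackup` and `android:debuggable` attributes on `<application>`. The sample manifest is constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample: a decoded (plain-text) AndroidManifest.xml.
# allowBackup is deliberately omitted to show the default-value case.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.app">
    <application android:label="Example" android:debuggable="true">
        <activity android:name=".MainActivity"/>
    </application>
</manifest>
"""

# Platform defaults that apply when the attribute is absent.
# A missing allowBackup means backups are allowed, so "not set" is a finding.
DEFAULTS = {"allowBackup": "true", "debuggable": "false"}


def audit_manifest(xml_text):
    """Return a list of findings for the backup and debug flags."""
    root = ET.fromstring(xml_text.strip())
    app = root.find("application")
    if app is None:
        return ["no <application> element found"]
    findings = []
    for flag, default in DEFAULTS.items():
        raw = app.get(f"{{{ANDROID_NS}}}{flag}")
        effective = (raw if raw is not None else default).strip().lower()
        # Anything other than a literal "false" (including a resource
        # reference such as @bool/...) is reported for manual review.
        if effective != "false":
            how = f"set to {raw!r}" if raw is not None else "missing, platform default applies"
            findings.append(f"android:{flag} is not disabled ({how})")
    return findings


if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST):
        print("FAIL:", finding)
```
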