Identify the product information, such as the library and framework in use
The identified libraries and frameworks are on the current version with the latest patches applied
Outdated components or known vulnerabilities (CVEs) found in the identified product
Access to the default URL or admin page of the identified product
Any hardcoded secrets (API Key, Credentials)
Standard Error Handling
Cached sensitive data
Any sensitive or unnecessary data sent in plain text
ALLOWBACKUP flag disabled
DEBUG flag disabled
Saved sensitive data in plain text
Log files stored securely with access protection
Any sensitive data logged locally
Reference to the Web Application PenTest – Service API
Improper platform usage, such as permissions, TouchID, Keychain
Insecure communication, such as SSL certificate validation and certificate pinning
Insecure authentication & authorization
Insufficient cryptography
Reverse engineering