Difference between revisions of "Android Testing Cheat Sheet"

Latest revision as of 09:40, 16 February 2019

Last revision (mm/dd/yy): 02/16/2019

After an exchange with the leaders of the OWASP Mobile Security Testing Guide (MSTG) project, it was decided to replace the content of this cheat sheet by a reference to the dedicated content on the MSTG project.

The explanation is simple:

It's an OWASP project too.
The MSTG project is active.
It focus on Android and iOS areas.
It provides good and up-to-date advices about how to handle mobile threats for the both platforms.
MSTG content came from various specialists in the mobile domain.

Consult this section for information about ANDROID platform.

@@ Line 1: / Line 1: @@
-= DRAFT MODE - This Cheat Sheet is a Work in Progress =
+ __NOTOC__
-__NOTOC__
 <div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>
 {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
-| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
+| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
 Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
-= Introduction  =
-This cheat sheet provides a checklist of tasks to be performed to do a penetration test of an Android application. It follows the [https://www.owasp.org/index.php/OWASP_Mobile_Security_Project OWASP Mobile Top 10 Risks] list.
-== Testing Methodology ==
-At the device level, there are 2 ways in which the application shall be tested.
-# With Android device running in a factory default or normal mode
-# With Android device running in a rooted mode
-At the application level, there are 2 ways in which it shall be tested
-# Application running on the device (to take benefits of touch related features)
-# Application running on the emulator (to ease the task of testing using wider screen of desktop or laptop)
-== Application Mapping ==
-Map the application for possible security vectors
-# What is the application genre ? (Game, business, productivity etc)
-# Does the application connect to backend web services?
-# Is the application purely native or incorporates readymade frameworks?
-# Does the application store data on the device?
-# What all features of the device are used by the application? (camera, gyroscope, contacts etc)
-= OWASP Step-by-step Approach =
-(For each of the standards below, there shall be multiple steps for the tester to follow])
-== M1 - Weaker Server side controls ==
-== M2 - Insecure Data storage ==
-== M3 - Insufficient Transport Layer ==
-== M4 - Unintended Data Leakage ==
-== M5 - Poor Authorization and Authentication ==
-== M6 - Broken Cryptography ==
-== M7 - Client Side Injection ==
-== M8 - Security Decisions via untrusted inputs M9 - Improper Session Handling ==
-== M10 - Lack of Binary Protection ==
-= Authors and Primary Editors =
-?
-== Other Cheatsheets ==
-{{Cheatsheet_Navigation_Body}}
+After an exchange with the leaders of the [https://github.com/OWASP/owasp-mstg OWASP Mobile Security Testing Guide (MSTG)] project, it was decided to replace the content of this cheat sheet by a reference to the dedicated content on the MSTG project.
-|}
+The explanation is simple:
+# It's an OWASP project too.
+# The MSTG project is active.
+# It focus on Android and iOS areas.
+# It provides good and up-to-date advices about how to handle mobile threats for the both platforms.
+# MSTG content came from various specialists in the mobile domain.
-[[Category:Cheatsheets]]
+Consult this [https://github.com/OWASP/owasp-mstg#android-testing-guide section] for information about ANDROID platform.

Difference between revisions of "Android Testing Cheat Sheet"

Latest revision as of 09:40, 16 February 2019

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools