This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Android Testing Cheat Sheet
From OWASP
DRAFT MODE - This Cheat Sheet is a Work in Progress
Last revision (mm/dd/yy): 03/2/2016 IntroductionThis cheat sheet provides a checklist of tasks to be performed to do a penetration test of an Android application. It follows the OWASP Mobile Top 10 Risks list. Testing MethodologyAt the device level, there are 2 ways in which the application shall be tested.
At the application level, there are 2 ways in which it shall be tested
Application MappingMap the application for possible security vectors
OWASP Step-by-step Approach(For each of the standards below, there shall be multiple steps for the tester to follow]) M1 - Weaker Server side controlsM2 - Insecure Data storageM3 - Insufficient Transport LayerM4 - Unintended Data LeakageM5 - Poor Authorization and AuthenticationM6 - Broken CryptographyM7 - Client Side InjectionM8 - Security Decisions via untrusted inputs M9 - Improper Session HandlingM10 - Lack of Binary ProtectionAuthors and Primary Editors? Other Cheatsheets |