This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Android Testing Cheat Sheet"
m (→Authors and Primary Editors) |
m (→Authors and Primary Editors) |
||
Line 48: | Line 48: | ||
Jonathan Carter | Jonathan Carter | ||
− | Prashant | + | Prashant Phatak |
Milan Singh Thakur | Milan Singh Thakur |
Revision as of 09:05, 14 March 2016
Last revision (mm/dd/yy): 03/14/2016 IntroductionDRAFT MODE - This Cheat Sheet is a Work in Progress This cheat sheet provides a checklist of tasks to be performed to do a penetration test of an Android application. It follows the OWASP Mobile Top 10 Risks list. Testing MethodologyAt the device level, there are 2 ways in which the application shall be tested.
At the application level, there are 2 ways in which it shall be tested
Application MappingMap the application for possible security vectors
OWASP Step-by-step Approach(For each of the standards below, there shall be multiple steps for the tester to follow]) M1 - Weaker Server side controlsM2 - Insecure Data storageM3 - Insufficient Transport LayerM4 - Unintended Data LeakageM5 - Poor Authorization and AuthenticationM6 - Broken CryptographyM7 - Client Side InjectionM8 - Security Decisions via untrusted inputsM9 - Improper Session HandlingM10 - Lack of Binary ProtectionAuthors and Primary EditorsJim Manico Jonathan Carter Prashant Phatak Milan Singh Thakur Other Cheatsheets |