This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Android Testing Cheat Sheet"
From OWASP
Line 1: | Line 1: | ||
− | |||
− | |||
__NOTOC__ | __NOTOC__ | ||
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div> | <div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div> | ||
Line 8: | Line 6: | ||
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' | Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' | ||
= Introduction = | = Introduction = | ||
+ | <b>DRAFT MODE - This Cheat Sheet is a Work in Progress</b> | ||
+ | |||
This cheat sheet provides a checklist of tasks to be performed to do a penetration test of an Android application. It follows the [https://www.owasp.org/index.php/OWASP_Mobile_Security_Project OWASP Mobile Top 10 Risks] list. | This cheat sheet provides a checklist of tasks to be performed to do a penetration test of an Android application. It follows the [https://www.owasp.org/index.php/OWASP_Mobile_Security_Project OWASP Mobile Top 10 Risks] list. | ||
Revision as of 02:18, 2 March 2016
Last revision (mm/dd/yy): 03/2/2016 IntroductionDRAFT MODE - This Cheat Sheet is a Work in Progress This cheat sheet provides a checklist of tasks to be performed to do a penetration test of an Android application. It follows the OWASP Mobile Top 10 Risks list. Testing MethodologyAt the device level, there are 2 ways in which the application shall be tested.
At the application level, there are 2 ways in which it shall be tested
Application MappingMap the application for possible security vectors
OWASP Step-by-step Approach(For each of the standards below, there shall be multiple steps for the tester to follow]) M1 - Weaker Server side controlsM2 - Insecure Data storageM3 - Insufficient Transport LayerM4 - Unintended Data LeakageM5 - Poor Authorization and AuthenticationM6 - Broken CryptographyM7 - Client Side InjectionM8 - Security Decisions via untrusted inputs M9 - Improper Session HandlingM10 - Lack of Binary ProtectionAuthors and Primary Editors? Other Cheatsheets |