This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Android Testing Cheat Sheet"
From OWASP
m |
|||
Line 38: | Line 38: | ||
== M6 - Broken Cryptography == | == M6 - Broken Cryptography == | ||
== M7 - Client Side Injection == | == M7 - Client Side Injection == | ||
− | == M8 - Security Decisions via untrusted inputs M9 - Improper Session Handling == | + | == M8 - Security Decisions via untrusted inputs == |
+ | == M9 - Improper Session Handling == | ||
== M10 - Lack of Binary Protection == | == M10 - Lack of Binary Protection == | ||
Revision as of 02:19, 2 March 2016
Last revision (mm/dd/yy): 03/2/2016 IntroductionDRAFT MODE - This Cheat Sheet is a Work in Progress This cheat sheet provides a checklist of tasks to be performed to do a penetration test of an Android application. It follows the OWASP Mobile Top 10 Risks list. Testing MethodologyAt the device level, there are 2 ways in which the application shall be tested.
At the application level, there are 2 ways in which it shall be tested
Application MappingMap the application for possible security vectors
OWASP Step-by-step Approach(For each of the standards below, there shall be multiple steps for the tester to follow]) M1 - Weaker Server side controlsM2 - Insecure Data storageM3 - Insufficient Transport LayerM4 - Unintended Data LeakageM5 - Poor Authorization and AuthenticationM6 - Broken CryptographyM7 - Client Side InjectionM8 - Security Decisions via untrusted inputsM9 - Improper Session HandlingM10 - Lack of Binary ProtectionAuthors and Primary Editors? Other Cheatsheets |