This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Android Testing Cheat Sheet"
m |
m (→Authors and Primary Editors) |
||
Line 44: | Line 44: | ||
= Authors and Primary Editors = | = Authors and Primary Editors = | ||
− | + | Jim Manico | |
+ | |||
+ | Jonathan Carter | ||
+ | |||
+ | Prashant Pathak | ||
+ | |||
+ | Milan Singh Thakur | ||
== Other Cheatsheets == | == Other Cheatsheets == |
Revision as of 07:24, 14 March 2016
Last revision (mm/dd/yy): 03/14/2016

= Introduction =

DRAFT MODE - This Cheat Sheet is a Work in Progress

This cheat sheet provides a checklist of tasks to perform during a penetration test of an Android application. It follows the OWASP Mobile Top 10 Risks list.

= Testing Methodology =

At the device level, there are 2 ways in which the application shall be tested.

At the application level, there are 2 ways in which it shall be tested.

= Application Mapping =

Map the application for possible security vectors.

= OWASP Step-by-step Approach =

(For each of the standards below, there shall be multiple steps for the tester to follow.)

== M1 - Weaker Server side controls ==

== M2 - Insecure Data storage ==

== M3 - Insufficient Transport Layer ==

== M4 - Unintended Data Leakage ==

== M5 - Poor Authorization and Authentication ==

== M6 - Broken Cryptography ==

== M7 - Client Side Injection ==

== M8 - Security Decisions via untrusted inputs ==

== M9 - Improper Session Handling ==

== M10 - Lack of Binary Protection ==

= Authors and Primary Editors =

Jim Manico

Jonathan Carter

Prashant Pathak

Milan Singh Thakur

== Other Cheatsheets ==