Test Details & Scope
- Project Number:
- Date of Test:
- Target List:
Test Accounts
- user1:password1
- admin1:password1
Legend
- confirmed vulnerability
- no issue or false positive
- ! - warnings about issues or possible vulnerabilities
- ? - still needs checking
Guides & Tools
- OWASP MSTG - https://github.com/OWASP/owasp-mstg
- General Testing - https://github.com/OWASP/owasp-mstg/blob/master/Document/0x04a-Mobile-App-Taxonomy.md
- Android - https://github.com/OWASP/owasp-mstg/blob/master/Document/0x05a-Platform-Overview.md
- iOS - https://github.com/OWASP/owasp-mstg/blob/master/Document/0x06a-Platform-Overview.md
Scanning
- nmap: TCP
        UDP
- Nessus:
- Burp Scanner:
- Nikto:
- SSLScan/TestSSL:
Information Gathering
- App flavour?
  - Native - iOS (Objective-C or Swift) vs Android (Java or Kotlin); uses native APIs, therefore has access to device functions.
  - Web - Browser based (HTML5), sandboxed within that browser session, little-to-no access to device functions.
  - Hybrid - Most functions run in an embedded web browser ('WebView'), with some access to device functions.
  - Progressive Web App (PWA) - Browser based, works offline, some access to device functions possible.