The Penetration Testing Process
- Reconnaissance (active/passive)
- Scanning/Enumeration
- Exploitation
- Privilege Escalation / Maintaining Access / Lateral and Vertical Movement
- Covering the tracks
- Reporting
The Mobile Application Penetration Testing Process
- Reconnaissance
- Static Analysis
- Dynamic Analysis
- Reporting
Reconnaissance
- Info about the company: mobile apps, releases, reports, code
- Target app on the Play Store (Android) and App Store (iOS): reviews, developers, versions, patches, company info, etc.
Static Analysis
Read the app's code manually and with automated tools. Look for:
- security misconfigurations
- hardcoded strings
- user information: emails, usernames, passwords
- URLs: recon, enumeration, and new exploitation paths via API gateways
- cloud resources and storage buckets
- local storage locations
- etc.
Dynamic Analysis
Run the application and manipulate it by:
- intercepting traffic with a proxy
- dumping (RAM) memory and checking it for stored secrets
- breaking SSL pinning
- checking local storage for files created at runtime
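The static-analysis checklist above (hardcoded strings, user data, URLs, storage buckets, local storage locations) and the memory-dump check in the dynamic phase both come down to the same task: pull printable strings out of a blob and triage the ones that look like secrets or endpoints. The following is an added example, not part of the original notes or any tool they mention; it implements a small `strings`-style extractor with a set of generic indicator patterns (the key formats are widely published, the sample data is constructed and the values in it are placeholders).

```python
import re
from collections import defaultdict

# Minimum length of a run of printable bytes to treat as a string
# (same idea as the `strings` utility).
MIN_LEN = 8

# Generic indicator patterns a reviewer would triage by hand.
# They are deliberately broad; tune them for the app under test.
PATTERNS = {
    "url": re.compile(r"https?://[\w.\-]+(?:/[\w.\-/?=&%]*)?"),
    "email": re.compile(r"[\w.+\-]+@[\w\-]+\.[\w.\-]+"),
    # Common object-storage hostnames (assumption: the app uses one of these providers)
    "cloud_bucket": re.compile(
        r"[\w.\-]*(?:s3\.amazonaws\.com|storage\.googleapis\.com|blob\.core\.windows\.net)[\w./\-]*"
    ),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_\-]{35}\b"),
    "credential_assignment": re.compile(
        r"(?i)\b(?:password|passwd|secret|api[_-]?key|token)\s*[=:]\s*\S+"
    ),
    # Android on-device storage paths worth checking at runtime
    "local_storage_path": re.compile(r"/(?:data/data|sdcard|storage/emulated)/[\w./\-]+"),
}


def extract_strings(blob: bytes, min_len: int = MIN_LEN) -> list[str]:
    """Return runs of printable ASCII of at least min_len bytes, like `strings`."""
    pat = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pat.finditer(blob)]


def classify(strings: list[str]) -> dict[str, list[str]]:
    """Map indicator category -> sorted unique matches found in the strings."""
    hits = defaultdict(set)
    for s in strings:
        for name, pat in PATTERNS.items():
            for m in pat.finditer(s):
                hits[name].add(m.group())
    return {name: sorted(values) for name, values in hits.items()}


def scan(blob: bytes) -> dict[str, list[str]]:
    """Scan a raw blob (decompiled source, resource file, or memory dump)."""
    return classify(extract_strings(blob))


# Constructed sample: simulates a fragment of a decompiled class or a memory dump.
# Every value below is a placeholder, not a real credential or host.
SAMPLE = (
    b"\x00\x01\x02junk\x7f"
    b"https://api.example.test/v1/users\x00"
    b"support@example.test\x00"
    b"https://my-app-backup.s3.amazonaws.com/dumps/\x00"
    b"api_key=EXAMPLE_PLACEHOLDER_KEY_123\x00"
    b"AKIAEXAMPLEKEY000000\x00"
    b"/data/data/com.example.app/shared_prefs/session.xml\x00"
    b"\xff\xfe\x00short\x00"
)

if __name__ == "__main__":
    for category, values in scan(SAMPLE).items():
        print(category)
        for value in values:
            print("   ", value)
```

Feed `scan()` any file opened in binary mode: decompiled sources and resource files for the static phase, a process memory dump for the dynamic phase. Each hit is a lead to verify by hand, not a finding on its own; a URL or bucket name is only reportable once you have confirmed what it exposes, and a matched key must be confirmed live before it is rated.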
Consult the OWASP MASTG for the full set of mobile security tests. Some findings in the app translate into OWASP Top Ten attack vectors (SQL injection, XSS, IDOR) on the full website behind it.
Reporting
Executive summary and detailed technical analysis of each vulnerability, including criticality assessment, scoring, steps for reproduction, and mention of positive security implementations observed.