Mobile Application Security Assessment

Mobile Application Security testing involves a series of steps aimed at gathering information about the target system, finding vulnerabilities or faults in them, researching for exploits that will succeed against those faults or vulnerabilities and compromise the application. These include but are not limited to the below categories

• Information Gathering
• Configuration and Deploy Management
• Identity Management
• Authentication & Authorization
• Session Management
• Data Validation
• Error Handling
• Cryptography
• Business Logic
• Client side/Server side

OWASP Top 10 Mobile Vulnerabilities

1. M1 Improper Platform Usage

2. M2 Insecure Data Storage

3. M3 Insecure Communication

4. M4 Insecure Authentication

5. M5 Insufficient Cryptography

6. M6 Insecure Authorization

7. M7 Client Code Quality

8. M8 Code Tampering

9. M9 Reverse Engineering

10. M10 Extraneous Functionality