Android pen test Checklist

1. Information Gathering: Information gathering and attack surface definition.

Sl.No.  Analysis                                                                    Yes/No  Attention
1.1     General Information. List of general application data.
1.2     Components list. List of application components.
1.3     Component permissions. List of application component permissions.
1.4     Exported components. List of exported application components.
1.5     Component launching Intents. List of component launching Intents.

2. Configuration and Deploy Management: Configuration and deployment assessment.

Sl.No.  Analysis                                                                    Yes/No  Attention
2.1     Applications with debugging mode enabled.
2.2     List of vulnerable third-party libraries in use.
2.3     List of backup files stored in the application.
2.4     List of metadata attached to files within the application.
2.5     List of enabled options on WebViews.
2.6     List of permissions of the files created by the application.
2.7     List of Content Provider component permissions.
2.8     List of Activity component permissions.
2.9     List of Service component permissions.
2.10    List of Broadcast Receiver component permissions.
2.11    List of permissions of the databases created by the application.
2.12    List of permissions of the shared preferences created by the application.

3. Authentication: Authentication assessment.

Sl.No.  Analysis                                                                    Yes/No  Attention
3.1     Login methods.
3.2     Default Users and Passwords. List of default users and passwords stored by the application.
3.3     Weak Password Policy. Weaknesses related to password strength policies.
3.4     Remember Credentials Functionality. Weaknesses related to credential storage through the "remember me" functions.

4. Cryptography: Cryptography use assessment.

Sl.No.  Analysis                                                                    Yes/No  Attention
4.1     Hard-coded credentials. Passwords stored within the source code.
4.2     Insecure Data Storage. Weaknesses related to confidential information storage.
4.3     Insecure use of Transport Protocol. Weaknesses related to insecure information flow.
4.4     Certificate Pinning. Weaknesses related to trusted chains of digital certificates.

5. Information Leak: Confidential information leak assessment.

Sl.No.  Analysis                                                                    Yes/No  Attention
5.1     Information leak to log files.
5.2     Information leak to SD card.
5.3     Information leak to network.
5.4     Information leak to Android's IPC.

6. Data Validation: User input handling assessment.

Sl.No.  Analysis                                                                    Yes/No  Attention
6.1     HTML code injection.
6.2     Buffer overflow.
6.3     Command injection in databases.
6.4     Path injection in file access.
6.5     Null parameter checking.
6.6     Log injection.
6.7     Process control injection via Intent data.

7. Intent Spoofing: Intent reception management assessment.

Sl.No.  Analysis                                                                    Yes/No  Attention
7.1     Intent spoofing on Broadcast Receiver components.
7.2     Arbitrary launch of Activities.
7.3     Arbitrary launch of Services.
7.4     Weaknesses related to the insecure use of Pending Intents.

8. Unauthorized Intent Receipt: Intent resolution assessment.

Sl.No.  Analysis                                                                    Yes/No  Attention
8.1     Intent interception on Broadcast Receiver components.
8.2     Intent interception on Activity components.
8.3     Intent interception on Service components.
8.4     Pending Intent interception.
