Android Application Penetration Testing
Kick-start your mobile pen testing for Android apps using this mindmap. Find vulnerabilities that matter to your stakeholders.
Comments ( 2 )
Hi Santosh, nice mind map. However, I have some questions. "Sensitive Information revealed in logs, cache etc.": what could be examples of sensitive information? How can I access the cache? How would I know if the code is obfuscated?
Sensitive info revealed in logs and cache -> Sometimes a couple of sensitive user-account-related data items are stored in logs, such as unique user id, username, any unique token per account login. Using that information, one can go ahead and hunt for many business logic flaws. A tester can access logs and cache only if the Android device is rooted. If code is obfuscated, then one will not be able to perform RE (Reverse Engineering).
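As an added example (not part of the comments above or the mindmap), the following Python sketch checks a captured log from your own test build for the kinds of values the reply lists: usernames, unique user ids and per-login tokens. It assumes the log was saved in the `adb logcat -v threadtime` layout; the key names in the patterns and the sample lines are constructed for illustration.

```python
import re

# Constructed sample in the `adb logcat -v threadtime` layout (not from a real app).
SAMPLE_LOGCAT = """\
--------- beginning of main
03-14 10:22:01.120  4121  4121 D LoginActivity: login ok username=alice@example.com
03-14 10:22:01.480  4121  4150 I ApiClient: Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI0MiJ9.c2lnbmF0dXJl
03-14 10:22:02.005  4121  4150 D SessionStore: user_id=48213 session_token=9f8e7d6c5b4a39281706f5e4d3c2b1a0
03-14 10:22:02.300  4121  4121 I MainActivity: rendering home screen
"""

# threadtime layout: date time pid tid level tag: message
LINE_RE = re.compile(r"^\d\d-\d\d\s+[\d:.]+\s+(\d+)\s+\d+\s+([VDIWEF])\s+(.*?)\s*: (.*)$")

# Key names are assumptions; adapt them to what the app under test actually logs.
PATTERNS = {
    "username": re.compile(r"\b(?:username|email)=(\S+)"),
    "user_id": re.compile(r"\buser_?id=(\w+)"),
    "token": re.compile(r"\b(?:\w*_)?token=([A-Za-z0-9._-]{16,})"),
    "bearer_token": re.compile(r"\bBearer\s+([A-Za-z0-9._-]{20,})"),
}

def redact(value):
    """Keep a short prefix so the finding is traceable without copying the secret."""
    return f"{value[:4]}...({len(value)} chars)"

def scan(log_text):
    """Return one finding per sensitive value: (line_no, level, tag, kind, redacted)."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        parsed = LINE_RE.match(line)
        if not parsed:  # buffer separators and malformed lines are skipped
            continue
        _pid, level, tag, message = parsed.groups()
        for kind, pattern in PATTERNS.items():
            for hit in pattern.finditer(message):
                findings.append((line_no, level, tag, kind, redact(hit.group(1))))
    return findings

def leaky_tags(findings):
    """Log tags (usually class names) whose statements need to be removed or gated."""
    return sorted({tag for _, _, tag, _, _ in findings})

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOGCAT):
        print(finding)
    print("fix logging in:", leaky_tags(scan(SAMPLE_LOGCAT)))
```

The findings carry the log level and tag so each one can be traced back to the logging call that should be removed or disabled in release builds.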