
CLIENT SIDE CHECKS

| Sr. | Vulnerability Name | Applicable Platform | Compliant? (Yes/No/NA) | Classification |
|-----|--------------------|---------------------|------------------------|----------------|
| 1 | Application is Vulnerable to Reverse Engineering Attack/Lack of Code Obfuscation | All | | Static Checks |
| 2 | Account Lockout not Implemented | All | | Dynamic Checks |
| 3 | Application is Vulnerable to XSS | All | | Static + Dynamic Checks |
| 4 | Authentication bypassed | All | | Dynamic Checks |
| 5 | Hard coded sensitive information in Application Code (including CryptoKey) | All | | Static Checks |
| 6 | Malicious File Upload | All | | Dynamic Checks |
| 7 | Session Fixation | All | | Dynamic Checks |
| 8 | Application does not Verify MSISDN | WAP | | Unknown |
| 9 | Privilege Escalation | All | | Dynamic Checks |
| 10 | SQL Injection | All | | Static + Dynamic Checks |
| 11 | Attacker can bypass Second Level Authentication | All | | Dynamic Checks |
| 12 | Application is vulnerable to LDAP Injection | All | | Dynamic Checks |
| 13 | Application is vulnerable to OS Command Injection | All | | Dynamic Checks |
| 14 | iOS snapshot/backgrounding Vulnerability | iOS | | Dynamic Checks |
| 15 | Debug is set to TRUE | Android | | Static Checks |
| 16 | Application makes use of Weak Cryptography | All | | Static Checks |
| 17 | Cleartext information under SSL Tunnel | All | | Dynamic Checks |
| 18 | Client Side Validation can be bypassed | All | | Dynamic Checks |
| 19 | Invalid SSL Certificate | All | | Static Checks |
| 20 | Sensitive Information is sent as Clear Text over network/Lack of Data Protection | All | | Dynamic Checks |
| 21 | CAPTCHA is not implemented on Public Pages/Login Pages | All | | Dynamic Checks |
| 22 | Improper or NO implementation of Change Password Page | All | | Dynamic Checks |
| 23 | Application does not have Logout Functionality | All | | Dynamic Checks |
| 24 | Sensitive information in Application Log Files | All | | Dynamic Checks |
| 25 | Sensitive information sent as a querystring parameter | All | | Dynamic Checks |
| 26 | URL Modification | All | | Dynamic Checks |
| 27 | Sensitive information in Memory Dump | All | | Dynamic Checks |
| 28 | Weak Password Policy | All | | Dynamic Checks |
| 29 | Autocomplete is not set to OFF | All | | Static Checks |
| 30 | Application is accessible on Rooted or Jailbroken Device | All | | Dynamic Checks |
| 31 | Back-and-Refresh attack | All | | Dynamic Checks |
| 32 | Directory Browsing | All | | Static + Dynamic Checks |
| 33 | Usage of Persistent Cookies | All | | Dynamic Checks |
| 34 | Open URL Redirects are possible | All | | Dynamic Checks |
| 35 | Improper exception Handling: In code | All | | Static Checks |
| 36 | Insecure Application Permissions | All | | Static Checks |
| 37 | Application build contains Obsolete Files | All | | Static Checks |
| 38 | Certificate Chain is not Validated | All | | Static + Dynamic Checks |
| 39 | Last Login information is not displayed | All | | Dynamic Checks |
| 40 | Private IP Disclosure | All | | Static Checks |
| 41 | UI Impersonation through RMS file modification | JAVA | | Dynamic Checks |
| 42 | UI Impersonation through JAR file modification | Android | | Dynamic Checks |
| 43 | Operation on a resource after expiration or release | All | | Dynamic Checks |
| 44 | No Certificate Pinning | All | | Dynamic Checks |
| 45 | Cached Cookies or information not cleaned after application removal/Close | All | | Dynamic Checks |
| 46 | ASLR Not Used | iOS | | Static Checks |
| 47 | Clipboard is not disabled | All | | Dynamic Checks |
| 48 | Cache smashing protection is not enabled | iOS | | Static Checks |
| 49 | Android Backup Vulnerability | Android | | Static Checks |
| 50 | Unencrypted Credentials in Databases (sqlite db) | All | | Dynamic Checks |
| 51 | Store sensitive information outside App Sandbox (on SDCard) | All | | Dynamic Checks |
| 52 | Allow Global File Permission on App Data | Android | | Dynamic Checks |
| 53 | Store Encryption Key Locally/Store Sensitive Data in ClearText | All | | Dynamic Checks |
| 54 | Bypass Certificate Pinning | All | | Dynamic Checks |
| 55 | Third-party Data Transit on Unencrypted Channel | All | | Dynamic Checks |
| 56 | Failure to Implement Trusted Issuers | Android | | Static Checks |
| 57 | Allow All Hostname Verifier | Android | | Static Checks |
| 58 | Ignore SSL Certificate Error | All | | Static Checks |
| 59 | Weak Custom Hostname Verifier | Android | | Static Checks |
| 60 | App/Web Caches Sensitive Data Leak | All | | Dynamic Checks |
| 61 | Leaking Content Provider | Android | | Dynamic Checks |
| 62 | Redundancy Permission Granted | Android | | Static Checks |
| 63 | Use Spoof-able Values for Authenticating User (IMEI, UDID) | All | | Dynamic Checks |
| 64 | Use of Insecure and/or Deprecated Algorithms | All | | Static Checks |
| 65 | Local File Inclusion (might be through XSS Vulnerability) | All | | Static + Dynamic Checks |
| 66 | Activity Hijacking | Android | | Static Checks |
| 67 | Service Hijacking | Android | | Static Checks |
| 68 | Broadcast Thief | Android | | Static Checks |
| 69 | Malicious Broadcast Injection | Android | | Static Checks |
| 70 | Malicious Activity/Service Launch | Android | | Static Checks |
| 71 | Using Device Identifier as Session | All | | Dynamic Checks |
| 72 | Symbols Remnant | iOS | | Static Checks |
| 73 | Lack of Check-sum Controls/Altered Detection | Android | | Dynamic Checks |

SERVER SIDE CHECKS

| Sr. | Vulnerability Name | Applicable Platform | Compliant? (Yes/No/NA) | Classification |
|-----|--------------------|---------------------|------------------------|----------------|
| 73 | Cleartext password in Response | All | | Dynamic Checks |
| 74 | Direct Reference to internal resource without authentication | All | | Dynamic Checks |
| 75 | Application has NO or improper Session Management/Failure to Invalidate Session | All | | Dynamic Checks |
| 76 | Cross Domain Scripting Vulnerability | All | | Dynamic Checks |
| 77 | Cross Origin Resource Sharing | All | | Dynamic Checks |
| 78 | Improper Input Validation - Server Side | All | | Dynamic Checks |
| 79 | Detailed Error page shows internal sensitive information | All | | Dynamic Checks |
| 80 | Application allows HTTP Methods besides GET and POST | All | | Dynamic Checks |
| 81 | Cross Site Request Forgery (CSRF)/SSRF | All | | Dynamic Checks |
| 82 | Cacheable HTTPS Responses | All | | Dynamic Checks |
| 83 | Path Attribute not set on a Cookie | All | | Dynamic Checks |
| 84 | HttpOnly Attribute not set for a cookie | All | | Dynamic Checks |
| 85 | Secure Attribute not set for a cookie | All | | Dynamic Checks |
| 86 | Application is Vulnerable to Clickjacking/Tapjacking attack | All | | Dynamic Checks |
| 87 | Server/OS fingerprinting is possible | All | | Dynamic Checks |
| 88 | Lack of Adequate Timeout Protection | All | | Dynamic Checks |
