Firmware Extracting & Reversing
Extracting
Reversing
Dumping
Downgrading
Bypass verification
Malicious update
Reset to insecure state
Device App Vulnerabilities
Overflows
Vulnerable services (web, ssh, tftp, etc.)
Privilege escalation
Local Data Storage
Device spoofing
Identity tampering
Pairing attacks
Session hijacking
Brute force
Device impersonation
Weak identifier
Insecure crypto
Backdoor accounts
Default credentials
Exposed Debugging Interfaces
UART
JTAG
SPI
USB
I2C
Side Channel Attacks
Power consumption attack
Time-based attack
Denial of Service
Battery abuse
Disable the device
Brick the device
Network Traffic
Sniffing
MITM attacks
Message integrity
Replay attacks
Insecure usage of protocols (e.g. MQTT, XMPP)
Identity / Event / Data spoofing
Privilege escalation
This table is a concentrated list of types of attacks and tests performed by AppSec Labs during security checks. This list includes all known attacks for the production of the document correctly.
Information Gathering
Reverse Engineering the Application Code
Testing for Common Libraries and Fingerprinting
Enumeration of Application Known Controllers
Information Disclosure by Logcat
Application Local Storage Flaws
Hidden Secrets in the Code
Storing Sensitive Data on Shared Storage (exposed to all applications without any restrictions)
Cryptographic Based Storage Strength
Content Providers Access Permissions
Content Providers SQL Injection
Privacy and Metadata Leaks
IPC Security
User Proprietary Data in Logcat
Technically Valuable Data in Logcat
Exposed Components and Cross Application Authorization
Permissions & Digital Signature Data Sharing Issues
Clipboard Separation
Public Intents and Unauthenticated Data Sources
Public Intents and Authorization Flaws
Code Puzzling and Abusing Application State
Race Conditions, Deadlocks and Concurrency Threats
In Device Denial of Service attacks
Privacy Breaches
Exposing Device Specific Identifiers in Attacker Visible Elements
Exposure of Private User Data to Attacker Visible Components
Tracking Application Installations in Insecure Means
UI Security
Tap Jacking
Client Side based Authorization Decisions
Business Logic Testing
Bypassing business logic
Execution of Untrusted Code
WebView Security
Exposing External Java Interfaces in WebViews DOM
JavaScript Execution Risks at WebViews
Code Signing
Loading Dynamic DEX onto Dalvik
Abusing Dynamic Code Execution Decisions
Stack Based Buffer Overflows
Heap Based Buffer Overflows
Object Lifetime Vulnerabilities (use-after-free, double frees)
Format Strings Vulnerabilities
NDK Exposed Code Secrets
Integer Overflows
Integer Underflows
Transport Layer Security
Insecure Transport Layer Protocols
TLS Authenticity Flaws
TLS Weak Encryption
Bypassing TLS Certificate Pinning
TLS Known Issues – CRIME, BREACH, BEAST, Lucky13, RC4, etc.
Disable certificate validation
Authentication Flaws
Using Insecure Authentication Vectors (IMEI, MAC, etc.)
Cross Application Authentication
Local Authentication Bypass Threats
Client Side Based Authentication Flaws
Client Side Authorization Breaches
Android Sandbox Security
Shared User Resources
Excessive Permissions
Disclosure of Privileged Data to Public Resources
This table is a concentrated list of types of attacks and tests performed by AppSec Labs during security checks. This list includes all known attacks for the production of the document correctly.
Information Gathering
Testing for Common Libraries and Fingerprinting
Enumeration of Application Known Controllers
Information Disclosure by Apple System Log (ASL)
Application Local Storage Flaws
Hidden Secrets in the Code
Storing Sensitive Data on Shared Storage
Storing Sensitive Data in application Cache files
Cryptographic Based Storage Strength
Content Providers Access Permissions
Content Providers SQL Injection
Privacy and Metadata Leaks
IPC Security
User Proprietary Data in ASL
Technically Valuable Data in ASL
Exposed Components and Cross Application Authorization
Permissions & Digital Signature Data Sharing Issues
Clipboard Separation
Code Puzzling and Abusing Application State
Race Conditions, Deadlocks and Concurrency Threats
In Device Denial of Service attacks
Privacy Breaches
Exposing Device Specific Identifiers in Attacker Visible Elements
Exposure of Private User Data to Attacker Visible Components
Tracking Application Installations in Insecure Means
UI Security
Tap Jacking
Client Side based Authorization Decisions
Business Logic Testing
Bypassing business logic
Bypassing controllers hierarchy
Execution of Untrusted Code
WebView Security
Exposing External Java Interfaces in WebViews DOM
JavaScript Execution Risks at WebViews
Code Signing
Abusing Dynamic Code Execution Decisions
Stack Based Buffer Overflows
Heap Based Buffer Overflows
Object Lifetime Vulnerabilities (use-after-free, double frees)
Format Strings Vulnerabilities
Integer Overflows
Integer Underflows
Transport Layer Security
Insecure Transport Layer Protocols
TLS Authenticity Flaws
TLS Weak Encryption
Bypassing TLS Certificate Pinning
TLS Known Issues – CRIME, BREACH, BEAST, Lucky13, RC4, etc.
Disable certificate validation
Authentication Flaws
Using Insecure Authentication Vectors (IMEI, MAC, etc.)
Cross Application Authentication
Local Authentication Bypass Threats
Client Side Based Authentication Flaws
Client Side Authorization Breaches
Application Sandbox Security
Shared User Resources
Excessive Permissions
Disclosure of Privileged Data to Public Resources
Application Keychain Security
Keychain Resources
Misuse of keychain storage
Developer Group Keychain usage
This table is a concentrated list of types of attacks and tests performed by AppSec Labs during security checks. This list includes all known attacks for the production of the document correctly.
Information Gathering
Search engine discovery / reconnaissance
Web application fingerprint
Review Webpage Comments and Metadata for Information Leakage
Application entry points Identification
Execution paths mapping
Web application framework fingerprinting
Web application fingerprinting
Application architecture mapping
Information Disclosure by error codes
SSL Weakness – SSL/TLS Testing (SSL Version, Algorithms, Key length, Digital Cert. Validity)
Configuration and Deploy Management Testing
Application Configuration management weakness
File extensions handling – sensitive information
Old, Backup and Unreferenced Files – Sensitive Information
Unauthorized Admin Interfaces access
HTTP Methods enabled, XST permitted, HTTP Verb
HTTP Strict Transport Security
RIA cross domain policy
Role definitions enumeration
Vulnerable user registration process
Vulnerable account provisioning process
Permissions of Guest/Low Permission Accounts
Account suspension/resumption process
Authentication Testing
Credentials Transported over Unencrypted Channel
User enumeration
Account lockout
Authentication bypass
“Remember password” functionality
Browser caching
Weak password policy
Weak password security mechanisms
Weak password change or reset flow
Race conditions
Weak multi-factor authentication
Weak CAPTCHA implementation
Weaker authentication in alternative channel
Authorization Testing
Directory traversal/file inclusion
Authorization schema bypass
Privilege escalation
Insecure direct object references
Session Management Testing
Session management bypass
Cookies set without the ‘HttpOnly’ or ‘Secure’ flags, or with no time validity
Session fixation
Exposed session variables
Cross site request forgery (CSRF)
Logout management
Session timeout
Session puzzling
Data Validation Testing
Reflected cross site scripting
Stored cross site scripting
HTTP verb tampering
HTTP Parameter pollution / manipulation
SQL injection
LDAP injection
ORM injection
XML injection
SSI injection
XPath injection
IMAP/SMTP injection
Code injection
Local/remote file inclusion
Command injection
Buffer overflow
Heap overflow
Stack overflow
Format string manipulation
Incubated vulnerabilities
HTTP splitting/smuggling
Error Handling
Analysis of Error Codes
Analysis of Stack Traces
Cryptography
Weak SSL/TLS ciphers, insufficient transport layer protection
Padding oracle
Sensitive information sent via unencrypted channels
Business Logic Testing
Business logic data validation
Ability to Forge Requests
Integrity checks
Process timing
Replay attack
Circumvention of Work Flows
Abuse of Functionality
File upload vulnerabilities
Client Side Testing
DOM based Cross Site Scripting
JavaScript execution
HTML/CSS injection
Client-side URL redirect
Client side resource manipulation
Cross origin resource sharing
Cross site flashing
Clickjacking / UI rendering
Web sockets
Web messaging
Local storage / session storage sensitive information
AJAX Testing
AJAX weakness
Denial of Service Testing
SQL Wildcard vulnerability
Locking customer accounts
Buffer overflows
User specified object allocation
User Input as a Loop Counter
Writing User Provided Data to Disk
Failure to Release Resources
Storing too Much Data in Session
Web Services Testing
WS information gathering
WSDL weakness
Weak XML structure
XML content-level
WS HTTP GET parameters/REST
WS Naughty SOAP attachments
WS replay testing