This table is a concentrated list of the types of attacks and tests performed by AppSec Labs during security checks. The list includes all known attacks, correct as of the production of this document.

Reverse Engineering the Application Code

Testing for Common Libraries and Fingerprinting
Enumeration of Application Known Controllers
Information Disclosure by Logcat

Hidden Secrets in the Code

Storing Sensitive Data on Shared Storage (exposed to all applications without any restrictions)
Cryptographic Based Storage Strength
Content Providers Access Permissions
Content Providers SQL Injection
Privacy and Metadata Leaks

User Proprietary Data in Logcat
Technically Valuable Data in Logcat
Exposed Components and Cross Application Authorization
Permissions & Digital Signature Data Sharing Issues
Clipboard Separation
Public Intents and Unauthenticated Data Sources
Public Intents and Authorization Flaws
Code Puzzling and Abusing Application State
Race Conditions, Deadlocks and Concurrency Threats
In Device Denial of Service attacks

Exposing Device Specific Identifiers in Attacker Visible Elements
Exposure of Private User Data to Attacker Visible Components
Tracking Application Installations by Insecure Means

Tap Jacking

Client Side based Authorization Decisions

Bypassing business logic

WebView Security
Exposing External Java Interfaces in WebViews DOM
JavaScript Execution Risks at WebViews
Code Signing
Loading Dynamic DEX onto Dalvik
Abusing Dynamic Code Execution Decisions
Stack Based Buffer Overflows
Heap Based Buffer Overflows
Object Lifetime Vulnerabilities (Use-after-free, double frees)
Format Strings Vulnerabilities
NDK Exposed Code Secrets
Integer Overflows
Integer Underflows

Insecure Transport Layer Protocols
TLS Authenticity Flaws
TLS Weak Encryption
Bypassing TLS Certificate Pinning
TLS Known Issues – CRIME, BREACH, BEAST, Lucky13, RC4, etc.
Disable certificate validation

Using Insecure Authentication Vectors (IMEI, MAC, etc.)

Cross Application Authentication
Local Authentication Bypass Threats
Client Side Based Authentication Flaws
Client Side Authorization Breaches

Shared User Resources
Excessive Permissions
Disclosure of Privileged Data to Public Resources

This table is a concentrated list of the types of attacks and tests performed by AppSec Labs during security checks. The list includes all known attacks, correct as of the production of this document.

Testing for Common Libraries and Fingerprinting

Enumeration of Application Known Controllers
Information Disclosure by Apple System Log (ASL)

Hidden Secrets in the Code
Storing Sensitive Data on Shared Storage
Storing Sensitive Data in application Cache files
Cryptographic Based Storage Strength
Content Providers Access Permissions
Content Providers SQL Injection
Privacy and Metadata Leaks

User Proprietary Data in ASL
Technically Valuable Data in ASL
Exposed Components and Cross Application Authorization
Permissions & Digital Signature Data Sharing Issues
Clipboard Separation
Code Puzzling and Abusing Application State
Race Conditions, Deadlocks and Concurrency Threats
In Device Denial of Service attacks

Exposing Device Specific Identifiers in Attacker Visible Elements

Exposure of Private User Data to Attacker Visible Components
Tracking Application Installations by Insecure Means

Tap Jacking
Client Side based Authorization Decisions

Bypassing business logic
Bypassing controllers hierarchy

WebView Security

Exposing External Java Interfaces in WebViews DOM
JavaScript Execution Risks at WebViews
Code Signing
Abusing Dynamic Code Execution Decisions
Stack Based Buffer Overflows
Heap Based Buffer Overflows
Object Lifetime Vulnerabilities (Use-after-free, double frees)
Format Strings Vulnerabilities
Integer Overflows
Integer Underflows

Insecure Transport Layer Protocols
TLS Authenticity Flaws
TLS Weak Encryption
Bypassing TLS Certificate Pinning
TLS Known Issues – CRIME, BREACH, BEAST, Lucky13, RC4, etc.
Disable certificate validation

Using Insecure Authentication Vectors (IMEI, MAC, etc.)
Cross Application Authentication
Local Authentication Bypass Threats
Client Side Based Authentication Flaws
Client Side Authorization Breaches

Shared User Resources
Excessive Permissions
Disclosure of Privileged Data to Public Resources

Keychain Resources
Misuse of keychain storage
Developer Group Keychain usage

This table is a concentrated list of the types of attacks and tests performed by AppSec Labs during security checks. The list includes all known attacks, correct as of the production of this document.

Search engine discovery / reconnaissance
Web application fingerprint
Review Webpage Comments and Metadata for Information Leakage
Application entry points Identification
Execution paths mapping
Web application framework fingerprinting
Web application fingerprinting
Application architecture mapping
Information Disclosure by error codes
SSL Weakness – SSL/TLS Testing (SSL Version, Algorithms, Key length, Digital Cert. Validity)

Application Configuration management weakness
File extensions handling – sensitive information
Old, Backup and Unreferenced Files – Sensitive Information
Unauthorized Admin Interfaces access
HTTP Methods enabled, XST permitted, HTTP Verb
HTTP Strict Transport Security
RIA cross domain policy
Role definitions enumeration
Vulnerable user registration process
Vulnerable account provisioning process
Permissions of Guest/Low Permission Accounts
Account suspension/resumption process

Credentials Transported over Unencrypted Channel
User enumeration
Account lockout
Authentication bypass
“Remember password” functionality
Browser caching
Weak password policy
Weak password security mechanisms
Weak password change or reset flow
Race conditions
Weak multi-factor authentication
Weak CAPTCHA implementation
Weaker authentication in alternative channel

Directory traversal/file inclusion

Authorization schema bypass
Privilege escalation
Insecure direct object references

Session management bypass

Cookies are set without the ‘HttpOnly’ or ‘Secure’ flags, and with no time validity
Session fixation
Exposed session variables
Cross site request forgery (CSRF)
Logout management
Session timeout
Session puzzling

Reflected cross site scripting

Stored cross site scripting
HTTP verb tampering
HTTP Parameter pollution / manipulation
SQL injection
LDAP injection
ORM injection
XML injection
SSI injection
XPath injection
IMAP/SMTP injection
Code injection
Local/remote file inclusion
Command injection
Buffer overflow
Heap overflow
Stack overflow
Format string manipulation
Incubated vulnerabilities
HTTP splitting/smuggling

Analysis of Error Codes
Analysis of Stack Traces

Weak SSL/TLS ciphers, insufficient transport layer protection

Padding oracle
Sensitive information sent via unencrypted channels

Business logic data validation
Ability to Forge Requests
Integrity checks
Process timing
Replay attack
Circumvention of Work Flows
Abuse of Functionality
File upload vulnerabilities

DOM based Cross Site Scripting
JavaScript Execution
HTML/CSS injection
Client side URL redirect
Client side resource manipulation
Cross origin resource sharing
Cross site flashing
Clickjacking / UI rendering
Web sockets
Web messaging
Local storage / session storage sensitive information

AJAX weakness

SQL Wildcard vulnerability

Locking customer accounts
Buffer overflows
User specified object allocation
User Input as a Loop Counter
Writing User Provided Data to Disk
Failure to Release Resources
Storing too Much Data in Session

WS information gathering
WSDL weakness
Weak XML structure
XML content-level
WS HTTP GET parameters/REST
WS Naughty SOAP attachments
WS replay testing