Mobile Scoping
What are the business security concerns regarding the mobile application in scope?
What is the main functionality of this application?
How many pages and input fields does the application contain?
Does the application communicate with any API's, Web Services etc.? If yes how many?
Is it an iOS or an Android application or both?
Does the application use certificate pinning?
Does the application implement jailbreak detection / root detection?
Will source code be available?
Does the application store or transmit sensitive information?
What is the current version of the mobile application in scope?
The IPA or the APK file needs to be provided ahead of the test
How many level of users exist in the application? (standard, Admin etc.)
Does the application contain a registration function?
Are there any constraints?
Who will be the technical contact?
Last updated