Mobile Security Testing Techniques¶
Generic Techniques¶
| ID | Name | Platform |
|---|---|---|
| MASTG-TECH-0051 | Tampering and Runtime Instrumentation | generic |
| MASTG-TECH-0047 | Reverse Engineering | generic |
| MASTG-TECH-0048 | Static Analysis | generic |
| MASTG-TECH-0049 | Dynamic Analysis | generic |
| MASTG-TECH-0050 | Binary Analysis | generic |
Android Techniques¶
| ID | Name | Platform |
|---|---|---|
| MASTG-TECH-0025 | Automated Static Analysis | android |
| MASTG-TECH-0039 | Repackaging & Re-Signing | android |
| MASTG-TECH-0017 | Decompiling Java Code | android |
| MASTG-TECH-0003 | Obtaining and Extracting Apps | android |
| MASTG-TECH-0018 | Disassembling Native Code | android |
| MASTG-TECH-0012 | Bypassing Certificate Pinning | android |
| MASTG-TECH-0007 | Exploring the App Package | android |
| MASTG-TECH-0011 | Setting Up an Interception Proxy | android |
| MASTG-TECH-0013 | Reverse Engineering Android Apps | android |
| MASTG-TECH-0036 | Emulation-based Analysis | android |
| MASTG-TECH-0029 | Get Loaded Native Libraries | android |
| MASTG-TECH-0042 | Getting Loaded Classes and Methods Dynamically | android |
| MASTG-TECH-0031 | Debugging | android |
| MASTG-TECH-0020 | Retrieving Cross References | android |
| MASTG-TECH-0021 | Information Gathering - API Usage | android |
| MASTG-TECH-0045 | Runtime Reverse Engineering | android |
| MASTG-TECH-0033 | Method Tracing | android |
| MASTG-TECH-0034 | Native Code Tracing | android |
| MASTG-TECH-0043 | Method Hooking | android |
| MASTG-TECH-0016 | Disassembling Code to Smali | android |
| MASTG-TECH-0019 | Retrieving Strings | android |
| MASTG-TECH-0027 | Get Open Files | android |
| MASTG-TECH-0009 | Monitoring System Logs | android |
| MASTG-TECH-0006 | Listing Installed Apps | android |
| MASTG-TECH-0014 | Static Analysis on Android | android |
| MASTG-TECH-0015 | Dynamic Analysis on Android | android |
| MASTG-TECH-0004 | Repackaging Apps | android |
| MASTG-TECH-0024 | Reviewing Disassembled Native Code | android |
| MASTG-TECH-0022 | Information Gathering - Network Communication | android |
| MASTG-TECH-0041 | Library Injection | android |
| MASTG-TECH-0023 | Reviewing Decompiled Java Code | android |
| MASTG-TECH-0005 | Installing Apps | android |
| MASTG-TECH-0038 | Patching | android |
| MASTG-TECH-0026 | Dynamic Analysis on Non-Rooted Devices | android |
| MASTG-TECH-0040 | Waiting for the Debugger | android |
| MASTG-TECH-0108 | Taint Analysis | android |
| MASTG-TECH-0037 | Symbolic Execution | android |
| MASTG-TECH-0008 | Accessing App Data Directories | android |
| MASTG-TECH-0032 | Execution Tracing | android |
| MASTG-TECH-0028 | Get Open Connections | android |
| MASTG-TECH-0001 | Accessing the Device Shell | android |
| MASTG-TECH-0044 | Process Exploration | android |
| MASTG-TECH-0002 | Host-Device Data Transfer | android |
| MASTG-TECH-0030 | Sandbox Inspection | android |
| MASTG-TECH-0010 | Basic Network Monitoring/Sniffing | android |
| MASTG-TECH-0035 | JNI Tracing | android |
Ios Techniques¶
| ID | Name | Platform |
|---|---|---|
| MASTG-TECH-0087 | Native Code Tracing | ios |
| MASTG-TECH-0086 | Method Tracing | ios |
| MASTG-TECH-0077 | Reviewing Disassembled Native Code | ios |
| MASTG-TECH-0081 | Get Open Connections | ios |
| MASTG-TECH-0084 | Debugging | ios |
| MASTG-TECH-0092 | Repackaging and Re-Signing | ios |
| MASTG-TECH-0071 | Retrieving Strings | ios |
| MASTG-TECH-0067 | Dynamic Analysis on iOS | ios |
| MASTG-TECH-0088 | Emulation-based Analysis | ios |
| MASTG-TECH-0089 | Symbolic Execution | ios |
| MASTG-TECH-0083 | Sandbox Inspection | ios |
| MASTG-TECH-0079 | Dynamic Analysis on Non-Jailbroken Devices | ios |
| MASTG-TECH-0074 | Information Gathering - Network Communication | ios |
| MASTG-TECH-0085 | Execution Tracing | ios |
| MASTG-TECH-0072 | Retrieving Cross References | ios |
| MASTG-TECH-0056 | Installing Apps | ios |
| MASTG-TECH-0053 | Host-Device Data Transfer | ios |
| MASTG-TECH-0073 | Information Gathering - API Usage | ios |
| MASTG-TECH-0052 | Accessing the Device Shell | ios |
| MASTG-TECH-0091 | Library Injection | ios |
| MASTG-TECH-0078 | Automated Static Analysis | ios |
| MASTG-TECH-0097 | Runtime Reverse Engineering | ios |
| MASTG-TECH-0075 | Reviewing Decompiled Objective-C and Swift Code | ios |
| MASTG-TECH-0054 | Obtaining and Extracting Apps | ios |
| MASTG-TECH-0070 | Extracting Information from the Application Binary | ios |
| MASTG-TECH-0090 | Patching | ios |
| MASTG-TECH-0096 | Process Exploration | ios |
| MASTG-TECH-0060 | Monitoring System Logs | ios |
| MASTG-TECH-0062 | Basic Network Monitoring/Sniffing | ios |
| MASTG-TECH-0058 | Exploring the App Package | ios |
| MASTG-TECH-0063 | Setting up an Interception Proxy | ios |
| MASTG-TECH-0095 | Method Hooking | ios |
| MASTG-TECH-0055 | Repackaging Apps | ios |
| MASTG-TECH-0057 | Listing Installed Apps | ios |
| MASTG-TECH-0093 | Waiting for the debugger | ios |
| MASTG-TECH-0059 | Accessing App Data Directories | ios |
| MASTG-TECH-0065 | Reverse Engineering iOS Apps | ios |
| MASTG-TECH-0080 | Get Open Files | ios |
| MASTG-TECH-0068 | Disassembling Native Code | ios |
| MASTG-TECH-0066 | Static Analysis on iOS | ios |
| MASTG-TECH-0098 | Patching React Native Apps | ios |
| MASTG-TECH-0069 | Decompiling Native Code | ios |
| MASTG-TECH-0064 | Bypassing Certificate Pinning | ios |
| MASTG-TECH-0076 | Reviewing Disassembled Objective-C and Swift Code | ios |
| MASTG-TECH-0094 | Getting Loaded Classes and Methods dynamically | ios |
| MASTG-TECH-0082 | Get Loaded Native Libraries | ios |
| MASTG-TECH-0061 | Dumping KeyChain Data | ios |