100% found this document useful (1 vote)

313 views

Scoping Sheet For Mobile App Security Audit

Mobile (Android/iOS) Application Security Audit or Vulnerability Assessment and Penetration Testing (VAPT) scope questionnaire

Uploaded by

Maximus

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as XLSX, PDF, TXT or read online on Scribd

100% found this document useful (1 vote)

313 views

Scoping Sheet For Mobile App Security Audit

Mobile (Android/iOS) Application Security Audit or Vulnerability Assessment and Penetration Testing (VAPT) scope questionnaire

Uploaded by

Maximus

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as XLSX, PDF, TXT or read online on Scribd

You are on page 1/ 4

Android / iOS Application Security Testing Que

# Particulars Clients Response - Application 1

1 Name & version of the application to be tested

2 Brief description of application

Supported Android OS version & architecture (Android)

3
Supported iOS version & architecture ex. Minimum iOS
Version 8+ 64 bit or 32 bit Devices (iOS)
On which device Application will run ex. iPhone, iPad, iPod
4
(iOS)
Application / Servers hosted on AWS/Azure/Google
5 Cloud/Other Data Center Service Provider (CtrlS, Netmagic,
Tata Communications) / In-house

Application users - End users for the

6 application? (In-house teams/customers/partners/citizens /
general users etc.)

How many roles defined in the application?

No. of roles and type of privileges for the different roles (e.g.;
7 admin user, normal user, Supervisor role, user with only view
access etc.)

Does application deal with the server for any kind of

8 information/request. Does application store any user
information or user input on server side in the database.

9 Does application store information/data on local device of

the end user ?

10 Does application use any URL Schema ex.

whatsapp://message/contactnumber
11 Does application stores any Data in Key Chain (iOS)
12 Application uses any web service ?
13 Does application use HTTPS or SSL Pinning ?
No. of activities (dynamic pages / screens) in the application
14 (Android)

15 No. of screens in the application (iOS)

16 Does application deal with or store any virtual currency ?

Application supports access over 2G, 3G, 4G, Wi-Fi, NFC or

17 others

Application is used to perform e-commerce or m-commerce

18 transactions ?

19 Application has File Upload facility ?

Application can interact with any device hardware like
a. NFC
b. Bluetooth
c. GPS
20 d. Camera
e. Microphone
f. Sensors
g. TouchID Sensor
H. Siri(Virtual Assistant) (iOS)

21 Development environment (Rails, Java, Django, ASP.NET,

etc.)
Use of any kind of framework (Appcelerator, jQuery Mobile,
22
CoronaSDK, TheAppBuilder, PhoneGap)

Application interacts with any other application like

a. Telephony (SMS, phone)
b. Contacts
c. Receiving data from apps and other on-device services
23 d. Google Wallet
e. Social networks (i.e. Facebook, Twitter, LinkedIn, Google+)
f. Dropbox
g. Evernote
h. Email

Hosting provider (AWS, App Engine, Heroku, Rackspace,

24 Azure, etc.)

25 Is application is built in Hybrid Environment ?

Does the application leverage Single Sign On, SAML or
26 Authentication APIs (Google Apps, Facebook, iTunes, OAuth,
etc.)

Any other APIs in use

i. Payment gateways
ii. SMS messaging
27 iii. Social networks
iv. Cloud file storage
v. Ad networks

Any additional point that needs to be considered while

28 security testing of the application?

Contact person to report operational issues as well as high

29 level vulnerabilities
Application Security Testing Questionnaire

Clients Response - Application 2 Clients Response - Application 3 Clients Response - Application 4

Infrastructure Audit Checklist
No ratings yet
Infrastructure Audit Checklist
3 pages
Cyber Security Risk Management Plan.
No ratings yet
Cyber Security Risk Management Plan.
17 pages
Vulnerability Assessment & Penetration Testing (VAPT) Basics & Methodologies
No ratings yet
Vulnerability Assessment & Penetration Testing (VAPT) Basics & Methodologies
17 pages
Application Security Review Checklist
No ratings yet
Application Security Review Checklist
10 pages
RBI IT Master Direction GRC
100% (1)
RBI IT Master Direction GRC
26 pages
Autoridad Myles Munroe Poder de La El Proposito y PDF Autoridad Myles Munroe
No ratings yet
Autoridad Myles Munroe Poder de La El Proposito y PDF Autoridad Myles Munroe
5 pages
Scoping Sheet For Network, Web App, Mobile App
No ratings yet
Scoping Sheet For Network, Web App, Mobile App
6 pages
AWS Services and Customer Responsibility Matrix For Alignment To The CSF.4dc4a98c
No ratings yet
AWS Services and Customer Responsibility Matrix For Alignment To The CSF.4dc4a98c
10 pages
Audit Checklist For POS
No ratings yet
Audit Checklist For POS
3 pages
Cybersecurity Competency Model: Gap Analysis Worksheet
No ratings yet
Cybersecurity Competency Model: Gap Analysis Worksheet
45 pages
Report
No ratings yet
Report
17 pages
Mobile Camera On The Fly
100% (1)
Mobile Camera On The Fly
1 page
Introduction To ASE Cockpit
No ratings yet
Introduction To ASE Cockpit
1 page
Scoping Sheet For Web App VAPT
No ratings yet
Scoping Sheet For Web App VAPT
4 pages
Mobile App Security Overview - Paper
No ratings yet
Mobile App Security Overview - Paper
10 pages
Mobile Application & Cloud VA - PT Proposal - Cashify
No ratings yet
Mobile Application & Cloud VA - PT Proposal - Cashify
4 pages
PCI Compliance - Best Practices For Securing Credit Card Data
100% (3)
PCI Compliance - Best Practices For Securing Credit Card Data
3 pages
CCC Professional Cloud Security Manager
No ratings yet
CCC Professional Cloud Security Manager
32 pages
JL Morission - VAPT - Proposal - REV
No ratings yet
JL Morission - VAPT - Proposal - REV
10 pages
Astra Security Sample VAPT Report
No ratings yet
Astra Security Sample VAPT Report
28 pages
Audit of It Environment
100% (1)
Audit of It Environment
39 pages
Cloud Security Checklist
No ratings yet
Cloud Security Checklist
2 pages
Service VAPT Presentation
No ratings yet
Service VAPT Presentation
14 pages
Cyber Security Awareness Presentation
100% (1)
Cyber Security Awareness Presentation
31 pages
Scoping Sheet For Network VAPT
No ratings yet
Scoping Sheet For Network VAPT
1 page
SQL Server Audit Checklist
No ratings yet
SQL Server Audit Checklist
1 page
Top Threats To Cloud Computing
No ratings yet
Top Threats To Cloud Computing
9 pages
Pci DSS:: What Every Dba Needs To Know
No ratings yet
Pci DSS:: What Every Dba Needs To Know
6 pages
IEEE Computer.: Sandhu@isse - Gmu.edu
No ratings yet
IEEE Computer.: Sandhu@isse - Gmu.edu
22 pages
Penetration Testing
No ratings yet
Penetration Testing
3 pages
Microsoft Cloud App Security Overview
No ratings yet
Microsoft Cloud App Security Overview
7 pages
Proposal VAPT Web Softlogique
No ratings yet
Proposal VAPT Web Softlogique
17 pages
3001 Mfa Best Practices
No ratings yet
3001 Mfa Best Practices
14 pages
PCI QSA Training Course Description
No ratings yet
PCI QSA Training Course Description
2 pages
CIS Controls and Sub Controls Mapping To NIST CSF
0% (1)
CIS Controls and Sub Controls Mapping To NIST CSF
64 pages
PCI Checklist
No ratings yet
PCI Checklist
3 pages
Section - 5 - Part B-31 Access Management Functional Requirements
No ratings yet
Section - 5 - Part B-31 Access Management Functional Requirements
3 pages
Checklist Web Application Security
No ratings yet
Checklist Web Application Security
2 pages
S.No Name Brief Details
No ratings yet
S.No Name Brief Details
19 pages
PCI DSS Compliance Planning Guide - Windows Security
No ratings yet
PCI DSS Compliance Planning Guide - Windows Security
47 pages
Security Gap Analysis Template: in Place? Rating
0% (1)
Security Gap Analysis Template: in Place? Rating
6 pages
Web Application Audit Checklist
No ratings yet
Web Application Audit Checklist
2 pages
VAPT RFP v1
100% (1)
VAPT RFP v1
6 pages
IT Advisory
No ratings yet
IT Advisory
46 pages
Vulnerability Assessment and Penetration Testing IJERTV10IS050111
No ratings yet
Vulnerability Assessment and Penetration Testing IJERTV10IS050111
6 pages
589502main - ITS-HBK-2810.09-02 (NASA Information Security Incident Management)
No ratings yet
589502main - ITS-HBK-2810.09-02 (NASA Information Security Incident Management)
59 pages
CISA - Certified Information Systems Auditor
No ratings yet
CISA - Certified Information Systems Auditor
19 pages
Pci-Dss What Does It Mean To Me?: Presented by
No ratings yet
Pci-Dss What Does It Mean To Me?: Presented by
10 pages
Computer Security Audit Checklist
No ratings yet
Computer Security Audit Checklist
5 pages
Azure Security Benchmark v3.0
No ratings yet
Azure Security Benchmark v3.0
290 pages
Identity and Access Management
No ratings yet
Identity and Access Management
10 pages
Antivirus Software in Comparison
100% (1)
Antivirus Software in Comparison
12 pages
SOC
50% (2)
SOC
3 pages
It Audit Leaders Forum Recap Res Eng 0817
No ratings yet
It Audit Leaders Forum Recap Res Eng 0817
13 pages
COBIT
No ratings yet
COBIT
19 pages
MSP Cybersecurity Checklist Final
No ratings yet
MSP Cybersecurity Checklist Final
12 pages
ISO 17799 Audit Sample
No ratings yet
ISO 17799 Audit Sample
17 pages
Kiwiqa Services: Web Application Vapt Report
No ratings yet
Kiwiqa Services: Web Application Vapt Report
25 pages
ISMS End User Awareness: Wipro Consulting Services
No ratings yet
ISMS End User Awareness: Wipro Consulting Services
30 pages
Everett & McKinsey Identity and Access Management 2009 Survey
No ratings yet
Everett & McKinsey Identity and Access Management 2009 Survey
40 pages
Secureism Company Profile 2023
100% (1)
Secureism Company Profile 2023
13 pages
Network Security Complete Self-Assessment Guide
From Everand
Network Security Complete Self-Assessment Guide
Gerardus Blokdyk
No ratings yet
Mobile Application Testing
100% (1)
Mobile Application Testing
28 pages
How To Download and Install NX 10.0
No ratings yet
How To Download and Install NX 10.0
25 pages
A Sudo Apt Install Kubectl: A Organization, Folders, Projects
No ratings yet
A Sudo Apt Install Kubectl: A Organization, Folders, Projects
13 pages
How To Build Your Own CyanogenMod 11
No ratings yet
How To Build Your Own CyanogenMod 11
7 pages
CRM Web Ui
No ratings yet
CRM Web Ui
9 pages
SPD
No ratings yet
SPD
69 pages
CustomCodeMigration OP1809
No ratings yet
CustomCodeMigration OP1809
42 pages
Agile Project Management With Trello: Lisa Komidar, SCM/CAPM PSU World Campus - Learning Design
No ratings yet
Agile Project Management With Trello: Lisa Komidar, SCM/CAPM PSU World Campus - Learning Design
34 pages
The Daily Life of Cybersecurity(1)
No ratings yet
The Daily Life of Cybersecurity(1)
10 pages
CCG Office 365 Overview
No ratings yet
CCG Office 365 Overview
13 pages
AWS Sample Resume 2
100% (1)
AWS Sample Resume 2
3 pages
DS-D60E-B
No ratings yet
DS-D60E-B
4 pages
Selenium Beginner Roadmap
No ratings yet
Selenium Beginner Roadmap
17 pages
Jamie Chastain: Career Summary Profile
No ratings yet
Jamie Chastain: Career Summary Profile
3 pages
DAS - User Guide
No ratings yet
DAS - User Guide
51 pages
3. Usually
No ratings yet
3. Usually
8 pages
Student Information System
80% (5)
Student Information System
58 pages
Free Palestine
No ratings yet
Free Palestine
12 pages
05 Output Devices
No ratings yet
05 Output Devices
14 pages
Hesp Whitepaper 2019
No ratings yet
Hesp Whitepaper 2019
12 pages
Microsoft Excel Basics Lessons
No ratings yet
Microsoft Excel Basics Lessons
16 pages
Sample SRS1
No ratings yet
Sample SRS1
73 pages
Muhammad Ali Resume
No ratings yet
Muhammad Ali Resume
4 pages
Web Security: Different Web Application Attacks Client Side Attack
No ratings yet
Web Security: Different Web Application Attacks Client Side Attack
9 pages
Module 6 - Power Platform Application Lifecycle Management
No ratings yet
Module 6 - Power Platform Application Lifecycle Management
46 pages
Javascript Validation
No ratings yet
Javascript Validation
2 pages
Kano Book 02 PDF
No ratings yet
Kano Book 02 PDF
72 pages
Connectors and Their Types
No ratings yet
Connectors and Their Types
7 pages

Scoping Sheet For Mobile App Security Audit

Uploaded by

Scoping Sheet For Mobile App Security Audit

Uploaded by

Android / iOS Application Security Testing Que

# Particulars Clients Response - Application 1

1 Name & version of the application to be tested

Supported Android OS version & architecture (Android)

Application users - End users for the

How many roles defined in the application?

Does application deal with the server for any kind of

9 Does application store information/data on local device of

10 Does application use any URL Schema ex.

15 No. of screens in the application (iOS)

16 Does application deal with or store any virtual currency ?

Application supports access over 2G, 3G, 4G, Wi-Fi, NFC or

Application is used to perform e-commerce or m-commerce

19 Application has File Upload facility ?

21 Development environment (Rails, Java, Django, ASP.NET,

Application interacts with any other application like

Hosting provider (AWS, App Engine, Heroku, Rackspace,

25 Is application is built in Hybrid Environment ?

Any other APIs in use

Any additional point that needs to be considered while

Contact person to report operational issues as well as high

Clients Response - Application 2 Clients Response - Application 3 Clients Response - Application 4

You might also like