jetlib.sec » Penetration Testing » Re: IT Audits/PT's of Smartphones

Feeds

133326 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

Penetration Testing

• August 04, 2011
• 

  Re: IT Audits/PT's of Smartphones

  Posted: August 4th, 2011, 7:29am PDT

  Tags:   

  Posted by Sheran Gunasekera on Aug 04

  Hello,
  
  I'm assuming you mean application vulnerability scanners? As far as
  I'm aware this is an area that needs improvement. I've done several
  pentests for applications developed by third-party vendors for my
  clients. I generally follow this approach:
  
  1. Get a copy of the app (usually I get it through the developer; if
  its live, you could download it) and reverse engineer it. During this
  stage I check for:
  
  a. Storing...