
ILT-U-802
Mobile Application Security Proficiency Test. Aligned with the App Defense Alliance Mobile Application Security Testing Approach
DETERMINATION | METHOD |
| Application Architecture Security | Mobile application architecture review, attack surface analysis, and functionality discovery |
| Authentication Security | Authentication testing, session management assessment, and credential handling analysis |
| Authorization Security | Access control testing, privilege assessment, and object ownership validation |
| Data Protection Security | Local storage analysis, sensitive data exposure assessment, and cryptographic protection review |
| Communication Security | Network communication analysis, transport security assessment, and traffic interception testing |
| Platform Security | Platform configuration review, permission assessment, and application integrity evaluation |
| Backend API Security | API security assessment, endpoint analysis, input validation testing, and authorization verification |
| Business Logic Security | Workflow analysis, state transition assessment, and business process abuse testing |
| Vulnerability Validation | Technical verification, exploitability assessment, reproducibility analysis, and root cause determination |
| Risk Assessment | Impact analysis, likelihood assessment, severity determination, and remediation prioritization |
| Reporting Accuracy | Evidence review, finding classification, false-positive control, and remediation evaluation |

