In this section, functionality related to logins through the application will be checked. Note that vulnerabilities will be searched for within the Android application only. If authentication is carried out against a third party (web service, REST service, etc.), the third party's security will not be assessed, only the weaknesses related to the Android application itself.
The following controls are applied in this section:
OASAM-AUTH-001: Login methods. PENDING.
OASAM-AUTH-002: Default Users and Passwords. List of default users and passwords stored by the application.
OASAM-AUTH-003: Weak Password Policy. Weaknesses related to the password robustness policy.
OASAM-AUTH-004: Remember Credentials Functionality. Weaknesses related to credential storage through the remember functions.