Assignment 5_ Mobile Application Security Analysis Using OWASP ZAP

The assignment requires students to analyze a mobile application using OWASP ZAP, focusing on network security, authentication, and session management. Students must document findings related to insecure transmissions and session token management, and provide security recommendations mapped to OWASP standards. The final deliverable is a 6-8 page PDF report summarizing the analysis and recommendations.

Uploaded by andrewlite.sr

Assignment 4: Mobile Application Security Analysis Using OWASP ZAP

Objective: Building on the lab, students will use OWASP ZAP to conduct a deeper analysis of a mobile application, focusing on network security, authentication, and session management, as outlined by OWASP MSTG and MASVS.

Assignment Requirements
1. Select a Mobile Application for Testing:
○ Use any publicly available APK (e.g., a non-production educational app) or a simple app provided by the instructor.
2. Network Security Testing (4%):
○ Use OWASP ZAP to capture and analyze network traffic between the mobile app and the server.
○ Identify and document any occurrences of insecure transmission (e.g., HTTP requests or unencrypted sensitive data).
○ Deliverable: Include screenshots and analysis of intercepted traffic, focusing on:
■ Any sensitive data transmitted over HTTP.
■ Data transmitted in plain text, such as login credentials or personal information.
3. Authentication and Session Management Testing (4%):
○ Test the app’s login functionality and analyze session token management.
○ Check if session tokens are securely transmitted (over HTTPS) and analyze how they are managed after login.
○ Attempt a basic session fixation test by reusing session tokens.
○ Deliverable: A report with screenshots of the authentication flow, observations on session management practices, and any vulnerabilities identified.
4. Security Recommendations (2%):
○ Based on findings, provide recommendations for improving the app’s security.
○ Map each recommendation to a relevant MASVS requirement (e.g., L1 or L2 for network security, authentication).
○ Deliverable: A summary section in the report outlining specific OWASP-based improvements, with references to MSTG/MASVS standards.
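The kind of check items 2 and 3 ask for, written as an added example that is not part of the assignment or of OWASP ZAP itself: it walks a list of intercepted request/response records (a constructed sample shaped loosely like ZAP history entries, with a hypothetical app.example host and SESSIONID cookie name) and flags plaintext HTTP, credentials or session cookies sent over HTTP, session cookies issued without Secure/HttpOnly, and a login that keeps the pre-authentication session id, which is the condition a session fixation test looks for.

```python
from urllib.parse import urlparse, parse_qs

# Constructed sample, loosely shaped like ZAP history entries (hypothetical host, not real traffic).
SAMPLE_HISTORY = [
    {"method": "GET", "url": "http://app.example/login", "body": "",
     "req": {}, "resp": {"Set-Cookie": "SESSIONID=abc123; Path=/"}},
    {"method": "POST", "url": "http://app.example/login", "body": "username=alice&password=hunter2",
     "req": {"Cookie": "SESSIONID=abc123"},
     "resp": {"Set-Cookie": "SESSIONID=abc123; Path=/"}},
    {"method": "GET", "url": "https://app.example/profile", "body": "",
     "req": {"Cookie": "SESSIONID=abc123"}, "resp": {}},
]
SENSITIVE_PARAMS = {"password", "passwd", "pin", "token", "ssn", "card"}

def cookie_value(header, name):
    """Return the value of cookie `name` from a Cookie or Set-Cookie header, else None."""
    for part in header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return None

def analyze_history(history, session_cookie="SESSIONID"):
    """Return sorted (finding, url) pairs for the network and session-management checks."""
    findings = set()
    for entry in history:
        url = entry["url"]
        params = set(parse_qs(entry["body"]))
        sent_sid = cookie_value(entry["req"].get("Cookie", ""), session_cookie)
        set_cookie = entry["resp"].get("Set-Cookie", "")
        issued_sid = cookie_value(set_cookie, session_cookie)
        # Network security: plain HTTP is an insecure transmission; credentials or a session token on it are the cases to report.
        if urlparse(url).scheme == "http":
            findings.add(("plaintext-http", url))
            if params & SENSITIVE_PARAMS:
                findings.add(("sensitive-data-over-http", url))
            if sent_sid:
                findings.add(("session-token-over-http", url))
        # Session management: a session cookie issued without the Secure / HttpOnly attributes.
        if issued_sid:
            attrs = {p.strip().lower() for p in set_cookie.split(";")}
            if "secure" not in attrs:
                findings.add(("session-cookie-missing-secure", url))
            if "httponly" not in attrs:
                findings.add(("session-cookie-missing-httponly", url))
        # Session fixation indicator: a login (POST with a password) that keeps the pre-auth session id.
        is_login = entry["method"] == "POST" and "password" in params
        if is_login and sent_sid and issued_sid == sent_sid:
            findings.add(("session-id-not-rotated-at-login", url))
    return sorted(findings)
```

Each finding name maps directly onto one bullet of the deliverables, so the list can be pasted into the report beside the corresponding ZAP screenshot.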

Submission Format:
● A PDF report (6–8 pages) that includes:
○ Title page, table of contents, and labeled sections for each analysis component.

Deadline:
● Due one week after the lab.
Learning Outcome:
This lab and assignment give students practical experience using OWASP ZAP to perform core security assessments, helping them apply OWASP standards in real-world mobile security testing.
