Application Name: Vulnerable Bank Application
Developer: Al-Amir Badmus (Senior Application Engineer)
Assessor: Akanbi Oluwakunle Johnson
Assessment Type: Static and Dynamic Application Security Testing (SAST/DAST)
Assessment Tools: JADX-GUI, APKTool, ADB, MobSF, sqlite3, Burp Suite, Manual Analysis
Objective
This assessment aims to evaluate the security posture of the “Vulnerable Bank Application” by analyzing both its static code and runtime behavior. The goal is to identify weaknesses and vulnerabilities based on the OWASP Mobile Top 10 security risks and provide actionable recommendations to remediate them.
Static Analysis (SAST)
Static Analysis involves decompiling the APK and reviewing the source code, configuration files, and other static components of the application.
Tools Used
JADX-GUI: For decompiling the APK and reading source code.
APKTool: For decoding and inspecting AndroidManifest.xml and app resources.
ADB (Android Debug Bridge): For communicating with the Android emulator.
MobSF: For automated analysis.
Manual Inspection: Using cognitive analysis to interpret logic and detect flaws.
Key Areas Checked (Mapped to OWASP Mobile Top 10):
M1: Improper Platform Usage
M2: Insecure Data Storage
M5: Insufficient Cryptography
M9: Reverse Engineering
M10: Extraneous Functionality





























