Three-tier Mobile App Security Approach
Mobile client assessment areas include: File system, Memory, Run-time tampering, Input validation, Source code analysis, Binary analysis and Inter-application communication.
Mobile network traffic assessment areas include: Transport layer security, Data stream analysis, Malware analysis and Host communication enumeration.
The web server side is examined after the client and network portions of the application, and leverages everything learned from evaluating them. Testing steps include: Mobile Web application vulnerability assessment, Mobile SOAP or REST-based Web service testing and Static analysis of any back-end code.