Progressive Mobile Web Application Subresource Tampering During Penetration Testing.

Since the boost of mobile devices popularity, both operating systems and mobile applications have become more complex which in turn transfers into greater vulnerability to hackers' attacks. Penetration testing is aimed at detection of security gaps in mobile systems. On the other hand, Progressive Web uses Web browser API to enhance the range of functionalities to cross-platform. Thus, this paper focuses on mobile Web application penetration tests of Progressive Web. First, some new functionalities were evaluated for vulnerabilities, then an in-depth analysis of the Web push functionalities was carried out. External resources, which deliver Web push services, were explored for the libraries security. Then, Man-in-the-Middle attack on Subresource Integrity Mechanism (SIM) was analyzed to exploit the vulnerabilities detected.