We teach following technical and business logic issues related to mobile application on the different mobile platforms such as android,IOS and windows.

Jailbreak Warning Checks
Certificate Pinning Checks
Dangerous enabled settings(debug mod etc)
Decompile/Reversing tests
Hardcoded Passwords checks in the sources
Token, 3rd party data leakage checks in the sources
Information leakage in the real time device logs
Application logs checks if there is critical information
Application’s stored cache data checks
Password protection situation of the local databases
Sensitive information storing situation of the databases
Checks all critical files(xml,plist etc)
Run time tests
Memory analyse in the run time
Certificate Pinning Bypass
Situation of the keyboard cache in the text inputs
Data storage shared sdcard
Tcpdump analysis whilst app is working
All backup file, logs and spesific files analysis
Sensitive strings search with grep in the whole app directory
Mobile app recompile tests
Android APK obfuscation sitiation 
Input manipulation tests
2-factor auth tests
Data transmission security between device and server
Server side tests
Full port scan for server IP address
Full vulnerability scanning for server IP address
Mobile web site tests like a website test
Testing app permissions
Testing critical information in the clipboard
Application Session Timeout situation.
Username and password policy check
Predictable credentials checks
Login form captcha, anti-csrf usage situation
Business logic vulnerabilities on the application functions
Code injection tests
Command execution tests
Iframe injection
LFI via iframe injections on the device
XSS tests(Reflected,Dom,Stored,Blind)
XSS tests with payload injections via cross paltforms(mobile-web)
XXE vulnerability checks
Technical and business logic tests on the registration form
Password reset function tests
Access via web browser to mobile app with useragent changing
Takeover account tests
Deployment and configuration issues
Mobile API and webservices tests
SSRF Tests(local and remote)
Insecure Direct Object Reference Tests
Privilege Escalation with diffrent roles
Directory traversal
Advenced authorization and authentication tests
Username enumeration wia warnin messages or mis-developments
Automate Scanning