Perform the testing for all scenario from OWASP Web Testing Guide v4 and OWASP Mobile Testing Guide, for example: 

​

1. Test the application logic 

2. Test the sensitive authentication and authorization page / function 

3. Test for POST and GET parameters which can be tampered (network communication)

4. Test Application Session Management

5. Test Encryption process for data in motion and at rest

6. Test the Man In The Middle attack to tamper all data transferred within the application