Mendix Pentest Checklist
Step-by-step checklist for testing the security of a Mendix application.
Check if anonymous/unauthenticated access is enabled
Check the Mendix runtime version
Check for demo users
Review exposed constants
Check System.FileDocument for sensitive files
Check System.User and Administration.Account
Review writable and creatable entities
Go through each entity and review access
Check for password reset GUIDs in entities
Test the password reset flow for GUID leakage
Enumerate and test deeplinks
Check microflows and microflow access
Look for hidden pages via microflows
Check for business logic issues