This document provides an overview of mobile application penetration testing methodology and resources. It discusses what to test, including the application package structure, permissions, network calls, data storage, and APIs. It emphasizes that the methodology should be based on knowledge rather than just tools. It also provides recommendations for tools, techniques, and resources for both static and dynamic analysis of Android and iOS applications. These include checklists, tutorials, talks, blogs, training courses, and code repositories.