You haven't looked at the entire picture if you haven't looked at your application's source code using an automated source code analyzer such as Checkmarx's CxSuite. Why? Source code analysis helps paint the entire picture of where your applications are vulnerable and how they might stand up - and fall down - against the threats they face. Note that I emphasize "automated" source analysis because no security professional of value has time to perform manual analysis on all the applications that matter.
Interestingly, here are the findings in the same app written in Objective-C for the super secure iOS platform:
The CxSuite report shows prioritized findings (to be reviewed and re-prioritized by you as necessary) as well as source code examples so developers can understand how to fix the issues.
If you're an IT administrator, security manager, compliance auditor, developer, or consultant responsible for finding weaknesses in your organization's (or your client's) Web applications and mobile apps, you really need to look at the source code... eventually. And by "eventually" I mean at some point in the next year. Not the next five years. Not when you get around to it. If you don't, odds are good that someone else will find the flaws for you and try to make you look bad. Then what's it going to cost? Ten, twenty, maybe a thousand times more than it would've cost to perform the proper testing in the first place.
Don't end up here or fall into the group of people we keep hearing about who find out about vulnerabilities and breaches from third parties. Perform a proper automated source code analysis soon and do it periodically. There are several source code analyzer options. Whether you're super technical or you're not, of the source code analyzers I've used over the years, I've found CxSuite to be a great option.