Methodological guide for verifying information security requirements related to the confidentiality of information in health-sector mobile applications, under the guidelines of national and international regulations
Health-focused mobile applications are growing significantly, and some studies have shown that companies lack clarity on how to translate the general legal requirements for personal data protection into specific measures that mitigate the risk of loss of confidentiality of information; procedures for validating compliance have likewise not been established. The aim of this study was to propose a methodological guide for performing specialized computer security tests that allow verification of compliance with legal requirements for personal data protection in Colombia. To fulfill this objective, the work begins by defining minimum security guidelines for the sector, based on an analysis of national and international regulations and of established security standards for mobile applications. Threat modeling is then performed, based on an analysis of the common functionality of a set of applications available in application stores, using a hybrid threat model that takes as reference the STRIDE, attack tree and attack library methodologies. Subsequently, the proposed Methodological Guide is structured around a definition of specialized computer security tests; finally, its applicability is assessed in a case of testing of a mobile