QA Outsourcing
Pricing
toggle
Pricing
info@qasource.com

QASource Blog

Blog Arrow

Security Testing Report And Mobile App Penetration Testing: Shieldcast - Q1 2016

Security Testing, Application Security, QA Security, Shieldcast
QASource QASource | June 15, 2016

Latest Virus/Malware News

Virus/Malware News

Evaluation - Tools & Technologies

Evaluation Tools & Technologies
Secure Pro

Secure Pro is an API security testing paid tool provided by SmartBear. This tool has following features:

  • Pre-built Security Scans for SOAP & REST
  • Custom Security Scan editor & Security Test Generator
  • Scan for Sensitive File Exposure on your API servers
  • Check for Weak Authentication
  • Security Scan Wizard

Best Practices for
Mobile Application Penetration Testing

Preparing the Security Plan

To test the application, it is recommended to build the security test plan. OWASP Security Cheat sheet provides the overview that security test engineers can use and incorporate in the plan.

Preparing the Test Environment

To build the test environment for testing the mobile application, below tools can be used:

Building the Attack Arsenal

Tools that can be used for attacking are:

  • Cydia for hacking an application
  • Appcrack and DumpDecrypted for Android App
  • Android Proxy, ZAP, Tcpdump for network analysis

Preparing Test Cases

Test cases should be prepared and few major areas are as follows:

  • Authentication, Authorization and Access Control
  • Malicious Input, Fuzzing
  • Auditing and Logging
  • Exception Handling and Error Handling
  • Buffer Overflow
  • SQL Injection
  • User and Session Management

What Should Testing Report Contain?

Testing Report
Security Threat Details

Information on security threats that can potentially exploit the application.

Root Cause

What is the root cause of the security issue? We can define the security flaw that has been determined.

Testing Technique Used

Which testing technique has helped in finding the issue? Whether it is pen test, security test or source code analysis.

Remediation of Vulnerability

What could be the fix? Do we need any requirement change, code change or any configuration change?

Risk Rating of Vulnerability

What risk it poses to the application. Whether it is Critical, High, Medium or Low.

Suggestions

Suggestions?

We would love to hear your feedback, questions, comments and suggestions. This will help us to make us better and more useful next time.
Share your thoughts and ideas at knowledgecenter@qasource.com

Disclaimer

The logos used in this post are owned by the individual companies of each logo or trademark. The logo is not authorized by, sponsored by, or associated with the trademark owner, but QASource is using the logos only for reviewing purposes. The endorsement of the used logos by QASource is neither intended nor implied.

Disclaimer

This publication is for informational purposes only and nothing contained in it should be considered legal advice. We expressly disclaim any warranty or responsibility for damages arising out of this information and encourage you to consult with legal counsel regarding your specific needs. We do not undertake any duty to update previously posted materials.

Related Posts

A Complete Guide to Salesforce QA Testing in 2023

A Complete Guide to Salesforce QA Testing in 2023

Security Testing, Salesforce Testing

Publish Date 13 Dec 2022

Salesforce is, without a doubt, the most recognized customer relationship management (CRM) tool. Due to the system being flexible and supporting companies of all sizes across every industry, it requires continuous testing, regular maintenance and constant feature upgrades in order for your business to remain competitive.

Continue Reading
A Guide to Penetration Testing and Cyber Security Risks

A Guide to Penetration Testing and Cyber Security Risks

Application Security, Cybersecurity, Penetration Testing

Publish Date 15 Sep 2020

What you don’t know about your software product or your company’s infrastructure should scare you.

Every minute that you turn a blind eye to an issue is a minute gained by cybercriminals intent on gaining access to your sensitive data and confidential information. And with more employees working from home, hackers have discovered more ways to infiltrate software and applications.

Continue Reading
Cyber Security Testing Checklist: 9 Steps To Complete Before Testing a Product in the Security Domain

Cyber Security Testing Checklist: 9 Steps To Complete Before Testing a Product in the Security Domain

Test Strategy & QA Methodologies, QA Security, Software Testing

Publish Date 21 Oct 2020

These days, a news story on a cyberattack is as common as the weather report. To defend against these potential attacks, companies have created products and software applications designed to secure their data. But can these security products and applications provide full protection against these threats?

Continue Reading
SQL Injection and IoT Security Testing: Shieldcast - Winter 2018

SQL Injection and IoT Security Testing: Shieldcast - Winter 2018

Security Testing, Application Security, QA Security, Shieldcast

Publish Date 14 Feb 2018
Continue Reading

Is QA Outsourcing Right For Your Company?

Talk to our experts about your company's QA testing needs to determine whether outsourcing is right for you.

Written by QA Experts

QASource Blog, for executives and engineers, shares QA strategies, methodologies, and new ideas to inform and help effectively deliver quality products, websites and applications.

We use cookies to optimize user experience. Click on "Agree and Proceed" to confirm, OR, by continuing, you implicitly accept cookies.