Best Quality Assurance Testing Blogs Strategies & Trends

Security Testing Report and Mobile App Penetration Testing

Written by QASource | Jun 15, 2016 4:00:00 PM

Latest Virus/Malware News

 

Evaluation - Tools & Technologies

Secure Pro is an API security testing paid tool provided by SmartBear. This tool has following features:

  • Pre-built Security Scans for SOAP & REST
  • Custom Security Scan editor & Security Test Generator
  • Scan for Sensitive File Exposure on your API servers
  • Check for Weak Authentication
  • Security Scan Wizard
 

Best Practices for Mobile Application Penetration Testing

News Flash

Preparing the Security Plan

To test the application, it is recommended to build the security test plan. OWASP Security Cheat sheet provides the overview that security test engineers can use and incorporate in the plan.

Preparing the Test Environment

To build the test environment for testing the mobile application, below tools can be used:

Building the Attack Arsenal

Tools that can be used for attacking are:

  • Cydia for hacking an application
  • Appcrack and DumpDecrypted for Android App
  • Android Proxy, ZAP, Tcpdump for network analysis

Preparing Test Cases

Test cases should be prepared and few major areas are as follows:

  • Authentication, Authorization and Access Control
  • Malicious Input, Fuzzing
  • Auditing and Logging
  • Exception Handling and Error Handling
  • Buffer Overflow
  • SQL Injection
  • User and Session Management
 

What Should Testing Report Contain?

Security Threat Details

Information on security threats that can potentially exploit the application.

Root Cause

What is the root cause of the security issue? We can define the security flaw that has been determined.

Testing Technique Used

Which testing technique has helped in finding the issue? Whether it is pen test, security test or source code analysis.

Remediation of Vulnerability

What could be the fix? Do we need any requirement change, code change or any configuration change?

Risk Rating of Vulnerability

What risk it poses to the application. Whether it is Critical, High, Medium or Low.

Have Suggestions?

We would love to hear your feedback, questions, comments and suggestions. This will help us to make us better and more useful next time.
Share your thoughts and ideas at knowledgecenter@qasource.com
View full post