From the first time when we held a gaming console, to today’s smartphones with computing powers, we have seen the technology evolve. Be it for carrying out financial transactions, playing games or watching videos, we spend a lot of time on mobile phones. In fact, the loved ones don’t seem distant anymore with the calls and chats made possible by the string connecting the world: THE INTERNET.
While these facilities have made our lives easier, they may expose our vulnerabilities to the dark web world. To ensure that the users are not subjected to such situations, security testing for mobile applications is necessary. This is what we will talk about in this quarterly newsletter.
ShieldCast - Fall 2018
Mobile Application Security Testing Prerequisites
You must be aware of the items below before starting security testing of any mobile application:
Strategize Mobile Application Security Testing Plan
Once the prerequisites are defined, the next step is to devise a sound security testing strategy for your mobile application. Below is the list to keep in mind while planning for mobile app security testing:
- MobSF - Complete penetration testing solution for Android/iOS/Windows
- Drozer – Android app vulnerability identification
- Radare - Can be used for reverse engineering attacks for Android and iOS apps
- mitmproxy – Intercept data between app and services to identify vulnerabilities
- Santoku – virtual machine having all mobile app security testing tools
- Frida – Test java script exploits in Android/iOS/Windows
- QARK – toolkit for exploiting Android apps
- Codified Security – Provides static and dynamic security testing for mobile apps
- Kiuwan – Largest technology cover for mobile app security testing
- WhiteHat Sentinel Mobile Express - This is a mobile security testing and assessment platform
We would love to hear your feedback, questions, comments and suggestions. This will help us to make us better and more useful next time.
Share your thoughts and ideas at email@example.com
The information contained in this newsletter is for general information purposes only. All the information have been collected from blogs, tools' websites, forums, through our research etc. and we have made utmost effort to keep the information up to date and relevant.
Tips To Secure Mobile Data
- Install apps only from official app stores and always keep them up to date. Verify permissions of installed apps
- Encrypt the stored data
- Always use VPN on public Wi-fi
- Turn off automatic Bluetooth connectivity
- Set up remote wipe