Mobile Application Security Testing Prerequisites
You must be aware of the items below before starting security testing of any mobile application:
| Security Testing Prerequisites |
|---|
|
Application functionality which defines user interaction with application and helps in identifying targeted surfaces for attack
|
|
Application domain as different domains have different risk profiles
|
|
Understand how app stores manage data in idle state, data in use, and data in transit state
|
|
Built-in user authentication and authorization mechanism
|
|
Different points of entry within application
|
|
Operating systems supported by application
|
|
Integrated third party applications
|
|
Transport protocol used for communication with other applications
|
|
Remote services used by application
|
Strategize Mobile Application Security Testing Plan
Once the prerequisites are defined, the next step is to devise a sound security testing strategy for your mobile application. Below is the list to keep in mind while planning for mobile app security testing:
Useful Tools
Open Source
- MobSF - Complete penetration testing solution for Android/iOS/Windows
- Drozer – Android app vulnerability identification
- Radare - Can be used for reverse engineering attacks for Android and iOS apps
- mitmproxy – Intercept data between app and services to identify vulnerabilities
- Santoku – virtual machine having all mobile app security testing tools
- Frida – Test java script exploits in Android/iOS/Windows
- QARK – toolkit for exploiting Android apps
Licensed
- Codified Security – Provides static and dynamic security testing for mobile apps
- Kiuwan – Largest technology cover for mobile app security testing
- WhiteHat Sentinel Mobile Express - This is a mobile security testing and assessment platform
Have Suggestions?
We would love to hear your feedback, questions, comments and suggestions. This will help us to make us better and more useful next time.
Share your thoughts and ideas at knowledgecenter@qasource.com
Disclaimer
The information contained in this newsletter is for general information purposes only. All the information have been collected from blogs, tools' websites, forums, through our research etc. and we have made utmost effort to keep the information up to date and relevant.
Tips To Secure Mobile Data
- Install apps only from official app stores and always keep them up to date. Verify permissions of installed apps
- Encrypt the stored data
- Always use VPN on public Wi-fi
- Turn off automatic Bluetooth connectivity
- Set up remote wipe
