To ensure that users are not subjected to such situations, security testing for mobile applications is necessary. This is what we will talk about in this quarterly expert series.
You must be aware of the items below before starting security testing of any mobile application:
Security Testing Prerequisites |
---|
Application functionality, which defines how users interact with the application and helps identify the attack surfaces to target |
Application domain, as different domains have different risk profiles |
How the application stores and manages data in the idle state, in use, and in transit |
Built-in user authentication and authorization mechanism |
Different points of entry within the application |
Operating systems supported by the application |
Integrated third-party applications |
Transport protocol used for communication with other applications |
Remote services used by the application |
Once the prerequisites are defined, the next step is to devise a sound security testing strategy for your mobile application. Below are the areas to keep in mind while planning mobile app security testing:
Design Security
Verify the overall architecture of the mobile app, along with all connected remote services, to ensure that security controls are enforced at all levels.
Data Security
Verify that sensitive data, such as user credentials and other information, is stored securely in encrypted format and cannot be accessed through unauthorized means.
Authentication And Authorization
Verify that user login data and sessions are managed securely without leaving any loopholes for attackers.
Network Security
Ensure that information exchanged between the mobile app and remote services is safe during transit.
Platform Security
Cross-check that the APIs and services of the underlying platform used by the mobile app, such as push notifications and location sharing, are safe to use and are used in a secure manner.
Reverse Engineering Defense
Verify that your mobile app cannot be reverse engineered, so that there is no risk of attackers injecting malware into it and uploading it to an app store.
We would love to hear your feedback, questions, comments and suggestions. This will help us be better and more useful next time.
Share your thoughts and ideas at knowledgecenter@qasource.com