3G and 4G network-enabled smartphones are today being used more and more for
accessing the Internet, for performing financial, business, and social transactions, and
for media consumption. However, the safety of the data consumed by the end user
through apps distributed via mobile application stores poses a big security issue.
To add to this, Gartner predicts that almost 25% of organizations will launch their own
apps by 2017.
While this will make creating new apps much more efficient, it may also become a
feast for hackers, as they will have more to hack into. Only a full-fledged,
security-testing-enabled environment will save the apps (and the companies) from
otherwise leaking a big load of personal data from the mobiles.
In short, security of the apps will be vitally business-critical.
So, what can be done about this? What really is needed?
An app testing strategy that will not only analyse the security risks involved in using an
app on smartphones but also help in eliminating them.
http://gallop.net/
Native apps: These are written to run only on a specific platform and its supported
devices. For example, an iOS app runs only on iPhone.
Web applications: These are built using standards like HTML5 and can be
accessed by any mobile device.
Hybrid applications: These apps usually have a layer of native application around
a Web-based user interface and provide the best of both worlds.
Gartner analysts suggest that more than 50% of deployed apps will be hybrid by 2016
for all the obvious reasons.
Mobile Security Testing Process: An Overview
Like everything else, providing security testing for apps needs a method to overcome
the madness. Here are three basic steps suggested by experts in the field that must be
performed to achieve the desired objective:
1. Intelligence Gathering (gather as much information as possible about the app)
2. Threat Modeling (identify threats to the app, whether app-specific or prepared in advance)
3. Vulnerability Analysis (identify vulnerabilities in the app with the previously
created test cases, using dynamic methods (passive network monitoring and
analysis), runtime analysis (analyzing the communication between internal
components: Android Intents, iOS objc_msgSend calls), and forensic methods
(timeline analysis))
Reference: Security Testing Guidelines for Mobile Apps by Florian Stahl & Johannes Ströher
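As an added illustration of the passive network monitoring method in the Vulnerability Analysis step (example code, not from the article or from Gallop Solutions), the following script inspects a constructed capture of app requests and flags data-leakage and weak-transport findings; the URLs, headers and parameter names are assumed sample values.

```python
# Added example (not from the original article): a passive network
# monitoring check for the Vulnerability Analysis step. It inspects
# captured app requests for data-leakage and weak-transport findings.
from urllib.parse import urlsplit, parse_qs

# Constructed sample capture, shaped like what a passive proxy or
# pcap decoder would yield for an app under test.
CAPTURED_REQUESTS = [
    {"url": "http://api.example.test/login?user=alice&password=hunter2",
     "headers": {"User-Agent": "DemoApp/1.0"}},
    {"url": "https://api.example.test/profile",
     "headers": {"Authorization": "Bearer abc.def.ghi"}},
    {"url": "http://cdn.example.test/banner.png",
     "headers": {"Cookie": "session=3f9a1c"}},
]

# Assumed parameter and header names that should never travel in a URL
# or over cleartext; extend the sets for the app being tested.
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "token", "ssn", "pin"}
SENSITIVE_HEADERS = {"authorization", "cookie"}


def analyze_request(req):
    """Return a list of finding strings for one captured request."""
    findings = []
    parts = urlsplit(req["url"])
    cleartext = parts.scheme.lower() == "http"
    if cleartext:
        findings.append("cleartext transport")
    # Query-string parameters end up in server, proxy and CDN logs, so
    # credentials placed there leak even when TLS is used.
    for name in parse_qs(parts.query):
        if name.lower() in SENSITIVE_PARAMS:
            findings.append(f"sensitive param in URL: {name}")
    for name in req.get("headers", {}):
        if name.lower() in SENSITIVE_HEADERS and cleartext:
            findings.append(f"{name} header sent over cleartext")
    return findings


def analyze_capture(requests):
    """Map each URL to its findings; requests with no findings are omitted."""
    return {r["url"]: f for r in requests if (f := analyze_request(r))}


if __name__ == "__main__":
    for url, findings in analyze_capture(CAPTURED_REQUESTS).items():
        print(url, "->", ", ".join(findings))
```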
10 critical activities to be performed to make apps secure
At a broad level, we need to test the following to ensure mobile app security: Data
leakage, flow, and storage capabilities, encryption, authentication, server-side controls,
and points of entry.
Ten specific activities to be performed while testing the security of mobile
applications are: