Security Testing of Mobile applications.

By -


Security Testing of Mobile applications.

The following are the most crucial areas for checking the security of Mobile applications.
  1. To validate that the application is able to withstand any brute force attack which is an automated process of trial and error used to guess a person’s username, password or credit-card number.
  2. To validate whether an application is not permitting an attacker to access sensitive content or functionality without proper authentication.
  3. To validate that the application has a strong password protection system and it does not permit an attacker to obtain, change or recover another user’s password.
  4. To validate that the application does not suffer from insufficient session expiration.
  5. To identify the dynamic dependencies and take measures to prevent any attacker for accessing these vulnerabilities.
  6. To prevent from SQL injection related attacks.
  7. To identify and recover from any unmanaged code scenarios.
  8. To ensure whether the certificates are validated, does the application implement Certificate Pinning or not.
  9. To protect the application and the network from the denial of service attacks.
  10. To analyze the data storage and data validation requirements.
  11. To enable the session management for preventing unauthorized users to access unsolicited information.
  12. To check if any cryptography code is broken and ensure that it is repaired.
  13. To validate whether the business logic implementation is secured and not vulnerable to any attack from outside.
  14. To analyze file system interactions, determine any vulnerability and correct these problems.
  15. To validate the protocol handlers for example trying to reconfigure the default landing page for the application using a malicious iframe.
  16. To protect against malicious client side injections.
  17. To protect against malicious runtime injections.
  18. To investigate file caching and prevent any malicious possibilities from the same.
  19. To prevent from insecure data storage in the keyboard cache of the applications.
  20. To investigate cookies and preventing any malicious deeds from the cookies.
  21. To provide regular audits for data protection analysis.
  22. Investigate custom created files and preventing any malicious deeds from the custom created files.
  23. To prevent from buffer overflows and memory corruption cases.
  24. To analyze different data streams and preventing any vulnerabilities from these.

Comments

Post a Comment

Popular posts from this blog

Handling Dynamic Web Tables Using Selenium WebDriver

By -
Image
There are two types of HTML tables published on the web- Static tables : Data is static i.e. Number of rows and columns are fixed. Dynamic tables : Data is dynamic i.e. Number of rows and columns are NOT fixed.Handling static table is easy, but dynamic table is a little bit difficult as rows and columns are not constant. Using X-Path to Locate Web Table Elements Before we locate web element, first let's understands- What is a web element? Web elements are nothing but HTML elements like textbox, dropdowns radio buttons, submit buttons, etc. These HTML elements are written with  start  tag and ends with an  end  tag. For Example, <p>  My First HTML Document </p>. Steps for getting X-path of web element that we want to locate. Step 1)  In Chrome, Go to  http://money.rediff.com/gainers/bsc/daily/groupa Step 2)  Right click on web element whose x-path is to be fetched. In our case, right click on "Company" Se...
Read more

Verify Specific Position of an Element

By -
Verify Specific Position of an Element Selenium IDE indicates the position of an element by measuring (in pixels) how far it is from the left or top edge of the browser window. ·          verifyElementPositionLeft   - verifies if the specified number of pixels match the distance of the element from the left edge of the page. This will return FALSE if the value specified does not match the distance from the left edge. ·          verifyElementPositionTop   - verifies if the specified number of pixels match the distance of the element from the top edge of the page. This will return FALSE if the value specified does not match the distance from the top edge.
Read more

Read it out for TESTNG before going for an iterview

By -
How to run a group of test cases using TestNG? TestNG allows you to perform sophisticated groupings of test methods. Not only can you declare that methods belong to groups, but you can also specify groups that contain other groups. Then TestNG can be invoked and asked to include a certain set of groups (or regular expressions) while excluding another set.  This gives you maximum flexibility in how you partition your tests and doesn’t require you to recompile anything if you want to run two different sets of tests back to back. Groups are specified in your testng.xml file and can be found either under the <test> or <suite> tag. Groups specified in the <suite> tag apply to all the <test> tags underneath. @Test (groups = { "smokeTest", "functionalTest" }) public void loginTest(){ System.out.println("Logged in successfully"); }   How to create Group of Groups in TestNG? Groups can also inc...
Read more