Security testing
The fundamental objective of security testing is to ensure that the application's data and network security requirements are met according to the applicable guidelines.
The following are the most crucial areas to check when testing the security of mobile applications.
1. To validate that the application can withstand a brute-force attack, an automated trial-and-error process used to guess a person's username, password or credit-card number.
2. To validate that the application does not permit an attacker to access sensitive content or functionality without proper authentication.
3. To validate that the application has a strong password protection system and does not permit an attacker to obtain, change or recover another user's password.
4. To validate that the application does not suffer from insufficient session expiration.
5. To identify the dynamic dependencies and take measures to prevent an attacker from exploiting vulnerabilities in them.
6. To prevent SQL injection attacks.
7. To identify and recover from any unmanaged code scenarios.
8. To ensure that certificates are validated and to check whether the application implements certificate pinning.
9. To protect the application and the network from denial-of-service attacks.
10. To analyse the data storage and data validation requirements.
11. To enable session management so that unauthorized users cannot access information not intended for them.
12. To check whether any cryptographic code is broken and ensure that it is repaired.
13. To validate that the business logic implementation is secure and not vulnerable to attack from outside.
14. To analyse file system interactions, identify any vulnerabilities and correct them.
15. To validate the protocol handlers, for example by attempting to reconfigure the application's default landing page using a malicious iframe.
16. To protect against malicious client-side injections.
17. To protect against malicious runtime injections.
18. To investigate file caching and prevent any malicious use of cached files.
19. To prevent insecure data storage in the application's keyboard cache.
20. To investigate cookies and prevent any malicious use of them.
21. To provide regular audits for data protection analysis.
22. To investigate custom-created files and prevent any malicious use of them.
23. To prevent buffer overflows and memory corruption.
24. To analyse the different data streams and prevent any vulnerabilities arising from them.
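Items 1, 4 and 11 (brute-force resistance, session expiration and session management) are usually checked against the backend the mobile app talks to. The following is an added example, not code from the original article: it models a minimal in-memory login service with a failed-attempt lockout and a session time-to-live, and then runs the two checks a tester would perform against it. The service itself, its thresholds (5 attempts, 15-minute lockout and session lifetime), the account names and the passwords are all assumptions constructed for the example; a real test would drive the app's actual login and session endpoints instead.

```python
import hashlib
import hmac
import os
import secrets
import time

MAX_FAILED_ATTEMPTS = 5         # assumed lockout threshold
LOCKOUT_SECONDS = 15 * 60       # assumed lockout duration
SESSION_TTL_SECONDS = 15 * 60   # assumed session lifetime


class FakeClock:
    """Controllable clock so the expiration check does not have to wait real minutes."""
    def __init__(self, start=1_700_000_000.0):
        self.now = start
    def __call__(self):
        return self.now
    def advance(self, seconds):
        self.now += seconds


class AuthService:
    """Stand-in for a mobile backend's login endpoint (constructed for this example)."""
    def __init__(self, clock=time.time):
        self._clock = clock
        self._users = {}      # username -> (salt, pbkdf2 digest)
        self._failures = {}   # username -> (failed count, locked_until)
        self._sessions = {}   # token -> (username, expires_at)

    def register(self, username, password):
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self._users[username] = (salt, digest)

    def login(self, username, password):
        """Return a session token on success; None on failure or while locked out."""
        now = self._clock()
        count, locked_until = self._failures.get(username, (0, 0.0))
        if now < locked_until:
            return None  # locked: refuse without evaluating the password at all
        record = self._users.get(username)
        if record is not None:
            salt, digest = record
            candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
            if hmac.compare_digest(candidate, digest):
                self._failures.pop(username, None)
                token = secrets.token_urlsafe(32)
                self._sessions[token] = (username, now + SESSION_TTL_SECONDS)
                return token
        count += 1
        locked_until = now + LOCKOUT_SECONDS if count >= MAX_FAILED_ATTEMPTS else 0.0
        self._failures[username] = (count, locked_until)
        return None

    def whoami(self, token):
        """Return the user bound to a token, or None if it is unknown or expired."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        username, expires_at = entry
        if self._clock() >= expires_at:
            del self._sessions[token]  # drop stale tokens so they cannot be reused
            return None
        return username


def check_brute_force_lockout(service, username, correct_password, attempts=20):
    """Item 1: after MAX_FAILED_ATTEMPTS wrong passwords, even the right one must be refused."""
    for i in range(attempts):
        service.login(username, f"wrong-password-{i}")
    return service.login(username, correct_password) is None


def check_session_expiration(service, username, password, clock):
    """Item 4: a token must stop working once SESSION_TTL_SECONDS have elapsed."""
    token = service.login(username, password)
    valid_before = service.whoami(token) == username
    clock.advance(SESSION_TTL_SECONDS + 1)
    valid_after = service.whoami(token) is None
    return valid_before and valid_after


def run_checks():
    clock = FakeClock()
    service = AuthService(clock=clock)
    service.register("alice", "correct horse battery staple")  # constructed test accounts
    service.register("bob", "another-long-passphrase")
    return {
        "brute_force_lockout": check_brute_force_lockout(service, "alice", "correct horse battery staple"),
        "session_expiration": check_session_expiration(service, "bob", "another-long-passphrase", clock),
    }


if __name__ == "__main__":
    print(run_checks())
```

Both checks return False against a service that lacks the control: without lockout the correct password succeeds after the wrong guesses, and without expiry the token is still accepted after the clock has moved past the lifetime.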
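For item 6 (SQL injection), the usual test is to feed a value containing a quote character into every input that reaches a database query and compare what comes back. The following added example, not from the original article, shows the pattern that fails that test beside the parameterized form that passes it, using an in-memory SQLite table with constructed rows; the table layout, the sample users and the probe string are assumptions made for the example.

```python
import sqlite3


def build_db():
    """In-memory table with constructed sample rows for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "hash-a", "alice@example.com"),
        ("bob", "hash-b", "bob@example.com"),
    ])
    return conn


def lookup_vulnerable(conn, username):
    # The defect under test: untrusted input spliced into the SQL text, so a quote
    # in the value ends the string literal and the rest is parsed as SQL.
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, username):
    # Hardened form: the value is bound as a parameter and never parsed as SQL.
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def rows_for(lookup, username):
    """Number of rows a lookup returns for a given input against a fresh database."""
    return len(lookup(build_db(), username))


def injection_finding(lookup):
    """Return True if a tautology probe makes the lookup return rows it should not."""
    probe = "x' OR '1'='1"          # no user is named this, so the correct answer is 0 rows
    try:
        return rows_for(lookup, probe) > 0
    except sqlite3.Error:
        return False                 # the query was rejected rather than widened


if __name__ == "__main__":
    print("vulnerable lookup injectable:   ", injection_finding(lookup_vulnerable))
    print("parameterized lookup injectable:", injection_finding(lookup_parameterized))
```

A lookup that returns the same rows for a legitimate username under both implementations but extra rows for the probe under only one is the signal that the query text is being built from the input.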
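For item 20 (investigating cookies), a concrete check is to capture the Set-Cookie headers the backend sends to the app and confirm each session cookie carries the Secure, HttpOnly and SameSite attributes. The following is an added example, not from the original article: a small parser that audits Set-Cookie header values against those three attributes and reports what is missing. The sample headers are constructed for the example and the attribute policy (SameSite must be Strict or Lax) is an assumption.

```python
def audit_set_cookie(header_value):
    """Return (cookie_name, findings) for one Set-Cookie header value."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()   # attribute names are case-insensitive

    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure")          # cookie may be sent over plain HTTP
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")        # cookie readable by injected script
    if attrs.get("samesite", "").lower() not in ("strict", "lax"):
        findings.append("SameSite not Strict or Lax")  # absent or None: sent cross-site
    return name, findings


def audit_headers(header_values):
    """Audit several Set-Cookie values; returns {cookie_name: [findings]}."""
    return dict(audit_set_cookie(h) for h in header_values)


# Constructed sample responses, as a tester might capture them from an intercepting proxy.
SAMPLE_SET_COOKIE_HEADERS = [
    "sid=a1b2c3; Path=/; Secure; HttpOnly; SameSite=Lax",
    "prefs=dark; Path=/; Secure; SameSite=Strict",
    "track=7f3e; Path=/",
]


if __name__ == "__main__":
    for cookie, problems in audit_headers(SAMPLE_SET_COOKIE_HEADERS).items():
        print(cookie, "OK" if not problems else ", ".join(problems))
```

Only cookies that carry authentication or session state strictly need all three attributes; the audit reports every cookie so the tester can decide which findings matter for the app under test.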