Security testing is difficult and requires constant upkeep as hackers and attackers find new vulnerabilities. At uTest, we have a basic list of six key security features all applications should be tested for at a minimum:
- Confidentiality: Does the app keep private data private?
- Integrity: Can the data be trusted and verified?
- Authentication: Does the app check to see if you are who you say you are?
- Authorization: Does the app properly limit privileges?
- Availability: Can an attacker take the app offline?
- Non-Repudiation: Does the app keep a record of events for later verification?
When it comes to mobile app security testing, things may seem simpler – a hacker probably can’t infect your app with malicious code that will compromise users – but in reality there are just as many things to consider as ever. Many of the six factors listed above hold true for any type of application – it’s all about keeping data safe and private. Michelle Drolet, founder of Towerwall, elaborated on this point in a recent article for Network World. Here are her “tips for testing vulnerabilities”:
There are many potential weak spots in mobile apps. Knowing where they are can get you off to a good start.
- Data flow — Can you establish an audit trail for data, what goes where, is data in transit protected, and who has access to it?
- Data storage — Where is data stored, and is it encrypted? Cloud solutions can be a weak link for data security.
- Data leakage — Is data leaking to log files, or out through notifications?
- Authentication — When and where are users challenged to authenticate, how are they authorized, and can you track password and IDs in the system?
- Server-side controls — Don’t focus on the client side and assume that the back end is secure.
- Points of entry — Are all potential client-side routes into the application being validated?
This is only the tip of the iceberg in terms of comprehensive security testing for mobile apps. Factor in the peculiar demands of compliance in your industry, because it is vital that you meet the right standards for regulations and mandates.
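The “data leakage” tip above (data leaking into log files) is one of the easiest of these checks to automate. The following scanner is an added example written for this post, not code from uTest, Towerwall or Network World: it scans captured app log output for values that should never appear there (a bearer token, a JWT-shaped token, an e-mail address, a password value, a card number), uses a Luhn check so that plain order or record ids are not mistaken for card numbers, and produces a redacted copy of each line. The log lines, the category names and the regex patterns are constructed for this example and are illustrative, not exhaustive.

```python
"""Detect and redact sensitive values leaking into mobile app log output.

Added example for the "data leakage" check: all log lines below are
constructed samples, and the patterns are illustrative, not exhaustive.
"""
from __future__ import annotations

import re
from collections import Counter
from typing import Iterator

# Each pattern matches only the secret value, so it can be redacted in place.
PATTERNS = {
    "bearer_token": re.compile(r"(?i)(?<=\bbearer )\S+"),
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "card_number": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),  # 13-19 digits, optional separators
    "password": re.compile(r"(?i)(?<=\bpassword[=:])\S+"),
}

# Constructed sample of what a device log might contain during a test run.
SAMPLE_LOG = [
    "D/NetClient: GET /api/v1/profile Authorization: Bearer s3cr3tT0kenValue",
    "I/Login: user=alice@example.com password=hunter2 result=OK",
    "V/Checkout: charging card 4111 1111 1111 1111 exp 12/29",
    "D/Checkout: order id 1234567890123 created",
    "I/Sync: pushed 3 records in 120ms",
    "D/Auth: cached id_token eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiIxMjM0In0.c2lnbmF0dXJlLXBsYWNlaG9sZGVy",
]


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters card-like digit runs (order ids, timestamps) from real PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _matches(line: str) -> Iterator[tuple[str, int, int]]:
    """Yield (category, start, end) for every sensitive value found in one line."""
    for name, pattern in PATTERNS.items():
        for m in pattern.finditer(line):
            if name == "card_number" and not luhn_ok(re.sub(r"\D", "", m.group(0))):
                continue  # a long digit run that is not a plausible card number
            yield name, m.start(), m.end()


def find_leaks(line: str) -> list[tuple[str, str]]:
    """Return (category, leaked_value) pairs for a single log line."""
    return [(name, line[start:end]) for name, start, end in _matches(line)]


def redact(line: str) -> str:
    """Replace each leaked value with a category tag; the rest of the line is kept as-is."""
    out = line
    # Replace from the right so earlier offsets stay valid.
    for name, start, end in sorted(_matches(line), key=lambda t: t[1], reverse=True):
        out = out[:start] + f"<{name}:redacted>" + out[end:]
    return out


def scan_log(lines: list[str]) -> dict[str, int]:
    """Count leaked values per category across a whole log capture."""
    counts: Counter[str] = Counter()
    for line in lines:
        counts.update(name for name, _ in find_leaks(line))
    return dict(counts)


if __name__ == "__main__":
    print("leaks per category:", scan_log(SAMPLE_LOG))
    for line in SAMPLE_LOG:
        print(redact(line))
```

Run against a captured device log (for example the output of `adb logcat` or a crash reporter export) this gives a per-category count that can be turned into a pass/fail gate for the “data leakage” item; the redact step shows what the app should have written instead. The Luhn filter is what keeps the “order id” line from being flagged, which matters because a scanner that fires on every long number is quickly ignored.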
Read the full article at Network World.
Check out uTest’s whitepaper for more tips on mobile app security testing. It explains the six sensitive areas uTest highlights and expands on many of the same points Michelle made in the Network World article.