Believe it or not, testing – particularly security testing – is still not a high priority for enterprises who develop mobile apps. Despite all that’s at stake, they continue to neglect even the most basic fundamentals. And in doing so, they are putting YOUR personal information (contacts, calendars, passwords, etc.) at risk. Scary, right?
We thought so, which is why we wanted to share a few things every enterprise should know about mobile app testing from this recent article on SearchSoftwareQuality.com. Let’s take a closer look:
1. There’s still a lot we don’t know about the mobile space…
“Mobile app platforms are relatively new, and therefore, both the know-how — as well as inherent security in the code — is not very well understood.”
The downside of mobile app platforms being so new is that even developers who do have experience writing code are still exploring new territory with mobile apps. Writing code for a mobile app is very different from writing other programs and, although a web developer may be under the impression that the code works well for the mobile app, there is plenty of room for error – something many enterprises end up learning the hard way.
2. Security testing is NOT a post-launch activity.
“We can sometimes expose these vulnerabilities through open source tools, vulnerabilities that we were not able to expose through commercial tools.”
Enterprises are beginning to understand the importance of testing the security of their mobile app before it reaches their target audience. So often, this process occurs after the fact, when malware and other third-party intrusions have already made their way into the software. In this instance, it’s essential to leverage a variety of software testing tools – whether open source or proprietary – in order to identify and fix certain vulnerabilities. But of course, threats of this kind are only half the battle when it comes to ensuring a secure mobile app. For enterprises, it’s especially beneficial to be proactive about testing and security, which means it should become part of the development process, not a post-launch activity.
3. Standards matter.
“The biggest part of our efforts is spent on developing the standards and augmenting their release standards so that security becomes an integral part of their release cycle.”
Similar to the point made above, it’s becoming clear to enterprises (indeed, all companies) that the mobile world is no longer the wild, wild west of technology. Though the space is relatively new, these organizations must work to ensure some type of standardization for their releases, which will obviously vary from company to company. Perhaps it’s a comprehensive check against the OWASP list, maybe it’s in-the-wild testing or some other tactic, but if enterprises are going to launch apps that users trust, they have to make it part of every release.
Do you develop or test mobile apps in the enterprise? If so, what tips do you have to share? Be sure to let us know in the comments section.