Forum 2.0

Hello Friends,

I am just looking into various aspects of security testing in mobile apps and trying to see what exactly security testing in mobile apps is. So my question is: what kind of security testing do you perform in your mobile app, and what exactly do you test in that?


Thanks,

Anurag


Replies

  • Use either Wireshark or the HTTP Scoop tool and then create a filter of http. Give the IP address of your device. Suppose you have installed that s/w on a Mac or Windows laptop, and make sure no other device is connected to that Wi-Fi except the device on which your app is installed. This will ensure that no other network traffic is generated. Then go to the app area where the network is used and check the network traffic for sensitive information.

    Anurag Khode said:

    Neha,

    Sounds great. Can you let us know how to create a proxy? I am really finding your test case very interesting and I think I need to give this test case a try.

    Thanks

    Anurag

  • I don't have any idea about Windows 7. You can use the Wireshark tool for that.

    chethan shetty said:

    Hey Neha,

    Can we create that HTTP proxy, or is there any related software to check this on a Windows 7 desktop?

  • Neha,

    Sounds great. Can you let us know how to create a proxy? I am really finding your test case very interesting and I think I need to give this test case a try.

    Thanks

    Anurag

  • Hey Neha,

    Can we create that HTTP proxy, or is there any related software to check this on a Windows 7 desktop?

  • Thank you :) Let me try this.

    Neha Jain said:

    Hi Chetan,

    Test case will be like this:

    To verify the sensitive information in network traffic.

    For this, create an HTTP proxy to analyse the traffic generated, by giving the device IP address. This will connect your device with that software. Now go to the application and enter the password.
    Check the network traffic.

  • Hi Chetan,

    Test case will be like this:

    To verify the sensitive information in network traffic.

    For this, create an HTTP proxy to analyse the traffic generated, by giving the device IP address. This will connect your device with that software. Now go to the application and enter the password.
    Check the network traffic.

  • Hi Neha,

    Could you please tell me a test case for:

    "Sensitive information like password is encrypted or not in network traffic."

    Say for a Facebook app on iOS or Android.

  • Thanks Neha!

  • Welcome Anurag,

    Check out this discussion for the answer:

    http://www.mobileqazone.com/forum/topics/how-to-create-an-http-prox...

    Anurag Khode said:

    Thanks Neha,

    One question.

    1. You have an Android app, say Twitter.

    2. You enter valid credentials and you are logged in to the app.

    Now let me know how you will test: "Password should not get stored in the device." I mean, how will you make sure that it is not stored somewhere in the device?

  • Thanks Neha,

    One question.

    1. You have an Android app, say Twitter.

    2. You enter valid credentials and you are logged in to the app.

    Now let me know how you will test: "Password should not get stored in the device." I mean, how will you make sure that it is not stored somewhere in the device?
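
The network-traffic test case described in the replies above (capture the app's HTTP traffic, enter a password, then check the traffic for sensitive information) can be automated once a request has been exported as text from the capture tool. The following is an added example, not code from any poster in this thread; the field names in `SENSITIVE_KEYS`, the host `app.example.test` and the test password are assumptions, and the sample requests are constructed.

```python
import base64
import json
from urllib.parse import parse_qsl, urlsplit

# Assumed field names; extend with the parameter names your app uses.
SENSITIVE_KEYS = {"password", "passwd", "pwd", "pin", "token", "secret"}

def find_cleartext_secrets(raw_request, test_password):
    """Return (location, field) findings for one readable HTTP request."""
    head, _, body = raw_request.partition("\r\n\r\n")
    lines = head.split("\r\n")
    target = lines[0].split(" ")[1]
    headers = {k.strip().lower(): v.strip()
               for k, v in (l.split(":", 1) for l in lines[1:] if ":" in l)}
    findings = []
    def check(location, pairs):
        for key, value in pairs:
            # Flag by field name, or by the known test password under any name.
            if key.lower() in SENSITIVE_KEYS or (
                    test_password and test_password in str(value)):
                findings.append((location, key))
    check("query", parse_qsl(urlsplit(target).query))
    ctype = headers.get("content-type", "").lower()
    if "x-www-form-urlencoded" in ctype:
        check("form body", parse_qsl(body))
    elif "json" in ctype:
        try:
            data = json.loads(body)
        except ValueError:
            data = None
        if isinstance(data, dict):
            check("json body", data.items())
    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):
        # Basic auth is only base64-encoded, so it counts as cleartext.
        try:
            decoded = base64.b64decode(auth[6:]).decode("utf-8", "replace")
        except ValueError:
            decoded = ""
        if ":" in decoded:
            findings.append(("basic auth header", "authorization"))
    return findings
# Constructed sample requests (not real captures).
SAMPLE_FORM = ("POST /login?lang=en HTTP/1.1\r\nHost: app.example.test\r\n"
               "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
               "user=tester&password=Test%40Pass123")
SAMPLE_JSON = ("POST /api/session HTTP/1.1\r\nHost: app.example.test\r\n"
               "Content-Type: application/json\r\n\r\n"
               '{"u": "tester", "p": "Test@Pass123"}')
```

An empty result only means nothing readable was found in that request; the test case passes when every request the app sends during login comes back with no findings.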
