Mobile App Security Testing — Remote Authentication Exploit with iGoat

The video below demonstrates how to test a mobile application for remote authentication vulnerabilities. For this demonstration, I used a mobile application called iGoat. iGoat is designed for the iOS platform and functions as a learning tool for iOS developers. iGoat is a safe environment in which iOS developers can gain knowledge about the major […]

Building and Testing Secure Mobile Apps
Mobile Security

Mobile application development has been on the rise lately because of the convenience mobile apps offer. Despite recent security breaches on mobile devices, security testing is not emphasized as much as other quality testing measures such as user acceptance or functional testing. Just last year, hackers in China […]

How Do I Choose Mobile Devices for Testing?

One of the most challenging topics we discuss in our Mobile Application Testing training course is how to determine what devices to purchase for testing and how to get the widest device coverage for tests. When thinking through this, there are several factors to consider: On what kinds of devices was my app designed to be used? […]

Compatibility Testing – Local Simulation Tricks For Mobile Web Applications

Introduction: After giving a talk last week with Sauce Labs about compatibility testing for mobile web apps, I got several questions about simulation using Selenium Webdriver. I had written back in June about compatibility testing using Selenium IDE, but the talk expanded on this concept, allowing tests run in client languages to perform similar actions. […]

Compatibility For Mobile Web Apps

Introduction: One major problem with writing a good mobile web app is that it needs to run on ALL of the devices out there. While there are plenty of hacks to get your mobile site to only load/respond on certain devices, it’s generally frowned upon, and not best practice. There are multiple ways to set […]

Diving Deeper into Mobile Penetration Testing Framework: AppUse

In the previous blog, I detailed a great starting point for mobile application testing, the AppUse framework, and highlighted its greatest pros and cons. This tool, created by AppSec-Labs, combines many additional tools to perform static and dynamic analysis of an application and the smartphone device that it runs on. Remember, please only use the tools and […]

Easy Button for Testing of Mobile Devices and Apps: AppUse

Knowing where to start in the penetration testing world is very difficult and largely inconsistent. With so many options and tools available, simply kicking off a scan of the network can require a considerable time investment. That is even truer in the relatively new world of mobile testing. Please only use the tools and methods discussed on systems that you […]

Mobile Trust: How to Test for It

Introduction: With the surge of mobile applications being released, many developers and companies are finding it increasingly hard to stand out from the rest. A great way to differentiate yourself, build a strong user base, and keep them happy with your product is through trust. As security and privacy come up more often in the news, users […]

Using SecureCI Testing Framework for Mobile Devices

One of the new features of the 2013 Q4 SecureCI release was the inclusion of a testing framework, optimized for web-based browser testing. I’m continuing to make a few updates to the testing framework, but more than anything I’ve been discovering more and more uses for it. I’ve been working in the mobile […]
