Mobile App Security Testing — Remote Authentication Exploit with iGoat

The video below demonstrates how to test a mobile application for remote authentication vulnerabilities. For this demonstration, I used a mobile application called iGoat. iGoat is designed for the iOS platform and functions as a learning tool for iOS developers. iGoat is a safe environment in which iOS developers can gain knowledge about the major […]

Read more
Building and Testing Secure Mobile Apps
Mobile Security

Mobile application development has been on the rise lately because of the convenience mobile apps have to offer. Despite the occurrence of security breaches performed on mobile devices recently, security testing is not as emphasized as other forms of quality testing measures such as user acceptance or functional testing. Just last year, hackers in China […]

Read more
Diving Deeper into Mobile Penetration Testing Framework: AppUse

In the previous blog, I detailed a great starting point for mobile application testing— the AppUse framework—and highlighted its greatest pros and cons. This tool, created by AppSec-Labs, combines many additional tools to perform static and dynamic analysis of an application and the smartphone device that it runs. Remember, please only use the tools and […]

Read more
Easy Button for Testing of Mobile Devices and Apps: AppUse

Knowing where to start in the penetration testing world is very difficult and largely inconsistent. With so many options and tools available simply kicking off a scan of the network can require a considerable time investment. That is even truer in the relatively new world of mobile testing. Please only use the tools and methods discussed on systems that you […]

Read more
Why Test On Different Networks

Introduction Mobile App Testing involves networks, not just the app or device itself. Understanding the basics of telecommunications will always give you advantages when doing testing mobile applications. Testers need to understand the impact of network and communications on testing scope. This is the first in a multi-post segment for understanding the differences between networks, […]

Read more
Getting Recorded Selenium Scripts Running In Sauce

Introduction As mobile native app testing tools continue to advance at a slow pace, mobile web app testing tools are advancing much quicker. There are several out there, including Sauce Labs and Testing Bot. These tools are great at taking browser based tests, and running them on emulated mobile devices, or even different desktop OS […]

Read more
Mobile Application Testing with Kryptowire

The hunt for a tool to provide you some ability to scan and analyze mobile application code may not be as elusive as the Chupacabra any more.   Kryptowire is a security testing tools designed specifically for testing Android and iOS native mobile applications.  It provides a simple interface for analyzing source code developed locally […]

Read more
The Goal of Mobile Application Testing

I’m often asked what makes mobile testing so different that testing anything else? The simple answer is your goal.  When we test a web application, per say, the goal of our testing is to often ensure that the application fulfills the requirements as directed by the product owner, that it meets any standards set by […]

Read more