Mobile App Security Testing — Remote Authentication Exploit with iGoat

The video below demonstrates how to test a mobile application for remote authentication vulnerabilities. For this demonstration, I used a mobile application called iGoat. iGoat is designed for the iOS platform and functions as a learning tool for iOS developers. iGoat is a safe environment in which iOS developers can gain knowledge about the major […]

Building and Testing Secure Mobile Apps
Mobile Security

Mobile application development has been on the rise lately because of the convenience mobile apps have to offer. Despite the occurrence of security breaches performed on mobile devices recently, security testing is not as emphasized as other forms of quality testing measures such as user acceptance or functional testing. Just last year, hackers in China […]

Diving Deeper into Mobile Penetration Testing Framework: AppUse

In the previous blog, I detailed a great starting point for mobile application testing, the AppUse framework, and highlighted its greatest pros and cons. This tool, created by AppSec-Labs, combines many additional tools to perform static and dynamic analysis of an application and the smartphone device that it runs on. Remember, please only use the tools and […]

Easy Button for Testing of Mobile Devices and Apps: AppUse

Knowing where to start in the penetration testing world is very difficult and largely inconsistent. With so many options and tools available, simply kicking off a scan of the network can require a considerable time investment. That is even truer in the relatively new world of mobile testing. Please only use the tools and methods discussed on systems that you […]

Why Test On Different Networks

Introduction: Mobile app testing involves networks, not just the app or device itself. Understanding the basics of telecommunications will always give you advantages when testing mobile applications. Testers need to understand the impact of network and communications on testing scope. This is the first in a multi-post segment for understanding the differences between networks, […]

Getting Recorded Selenium Scripts Running In Sauce

Introduction: As mobile native app testing tools continue to advance at a slow pace, mobile web app testing tools are advancing much more quickly. There are several out there, including Sauce Labs and Testing Bot. These tools are great at taking browser-based tests and running them on emulated mobile devices, or even different desktop OS […]

Mobile Application Testing with Kryptowire

The hunt for a tool to provide you some ability to scan and analyze mobile application code may not be as elusive as the Chupacabra any more. Kryptowire is a security testing tool designed specifically for testing Android and iOS native mobile applications. It provides a simple interface for analyzing source code developed locally […]

The Goal of Mobile Application Testing

I’m often asked what makes mobile testing so different than testing anything else? The simple answer is your goal. When we test a web application, per se, the goal of our testing is often to ensure that the application fulfills the requirements as directed by the product owner, that it meets any standards set by […]
