Security Testing for native mobile apps
I have been looking for a checklist to follow and tools which can be used for security testing of a native mobile app.
I have no idea where to begin from.
Could you please advise on tools I can start looking into and a checklist I need to follow?
Looking forward to your response.
That's something I'd be curious to find out too. For testing the servers where all the API requests are going to, you can use your standard request-based testing like skipfish or OWASP ZAP.
But I'd be interested in knowing about how you'd test the app itself for vulnerabilities. For example, buffer overflows, XSS (for, say, a PhoneGap app that's HTML embedded inside a native mobile app), CORS issues, authentication weaknesses, permission escalation, etc.
Thank you, David.
The tools you suggested are for web applications, are they not?
I was, and still am, looking for something which can help me test a mobile application (hybrid/native). Please let me know if you have any advice on tools.
And any guidelines to follow while testing the security of a mobile application.
Since I am a newbie and there is so much information on the internet, I am struggling to evaluate where to begin from and what to look for.
Hope to hear from you soon.
When talking about security, there are a couple of risks to deal with: client-side risk and server-side risk. Server-side risk you can deal with like any other web service; the tools for testing those will be the same.
For the client-side risk, however, I'm not familiar with the tools, and I'd love to hear what's out there if anyone else knows.
If I consider testing manually for security issues in a mobile app, could you advise me on how to approach analysing test scenarios, or on any sample security test cases based on which I can evaluate the security scenario of our mobile app?