Share: How to test an app for security issues?

Source: Internet
Author: User

How do you test an app for security issues? Security testing is a dedicated step that must be part of testing any app.

Below is a brief list of the types of tests currently in use.

1. User privacy

    • Check whether the user password is saved locally and, if so, whether it is encrypted
    • Check whether sensitive private information, such as chat history, relationship chain, bank account, etc., is encrypted
    • Check whether system files and configuration files are saved to the external device in plaintext
    • Some information that needs to be stored on an external device must be checked for tampering before each use

2. File permissions

    • Check the directory where the app resides; its permissions must not allow other group members to read or write

3. Network communication

    • Check whether sensitive information is encrypted during network transmission; important data should be sent over TLS or SSL

4. Runtime interpreter protection

    • For software with an embedded interpreter, check for XSS and SQL injection vulnerabilities
    • For apps that use WebView, check for URL spoofing vulnerabilities

5. Android component permission protection

    • Prevent the app's internal components from being called by arbitrary third-party programs
    • If a component needs to be called externally, check whether the caller is restricted by signature
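
The two component checks above can be run against a decoded AndroidManifest.xml. The following Python sketch is an added example, not code from the original article; the sample manifest and its component and permission names are constructed, and a component with no explicit android:exported attribute is assumed to be exported when it declares an intent-filter.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest (decoded text XML, not the binary form inside an APK).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.demo">
  <permission android:name="com.example.demo.SIG" android:protectionLevel="signature"/>
  <permission android:name="com.example.demo.WEAK" android:protectionLevel="normal"/>
  <application>
    <activity android:name=".Main" android:exported="true"><intent-filter>
      <action android:name="android.intent.action.MAIN"/>
      <category android:name="android.intent.category.LAUNCHER"/>
    </intent-filter></activity>
    <service android:name=".Sync" android:exported="true" android:permission="com.example.demo.SIG"/>
    <service android:name=".Pay" android:exported="true" android:permission="com.example.demo.WEAK"/>
    <receiver android:name=".Push">
      <intent-filter><action android:name="com.example.demo.PUSH"/></intent-filter>
    </receiver>
    <provider android:name=".Data" android:authorities="com.example.demo.data" android:exported="false"/>
  </application>
</manifest>"""

def audit_components(manifest_xml):
    """Return (tag, name, reason) for exported components lacking a signature-level permission."""
    root = ET.fromstring(manifest_xml)
    levels = {p.get(ANDROID + "name"): p.get(ANDROID + "protectionLevel", "normal")
              for p in root.findall("permission")}
    app = root.find("application")
    findings = []
    for comp in (c for c in app if c.tag in COMPONENTS):
        filters = comp.findall("intent-filter")
        exported = comp.get(ANDROID + "exported")
        # Assumption: with no explicit attribute, an intent-filter implies exported.
        if exported != "true" and not (exported is None and filters):
            continue
        if any(c.get(ANDROID + "name") == "android.intent.category.LAUNCHER"
               for f in filters for c in f.findall("category")):
            continue  # the launcher entry point has to be publicly startable
        perm = comp.get(ANDROID + "permission") or app.get(ANDROID + "permission")
        level = levels.get(perm, "undeclared") if perm else None
        if level is None:
            findings.append((comp.tag, comp.get(ANDROID + "name"), "exported without permission"))
        elif "signature" not in level.split("|"):
            findings.append((comp.tag, comp.get(ANDROID + "name"), f"{perm} is {level}, not signature"))
    return findings

if __name__ == "__main__":
    print(*audit_components(SAMPLE_MANIFEST), sep="\n")
```

A permission that is not declared in the manifest being audited is reported as "undeclared", so a reviewer still has to look up where it is defined and what its protection level is.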

6. Upgrade

    • Check whether the integrity and legitimacy of the upgrade package are verified, to prevent the upgrade package from being hijacked

7. Third-party libraries

    • If you use a third-party library, you need to keep up with its updates

First: Can this app really protect users' privacy from being stolen? This is also the most important point; I believe most people resent having their information sold to advertisers!
Second: Does the app itself have bugs? Is it vulnerable to mobile phone virus intrusion, resulting in loss of phone data or damage to the phone's system?
Third: Does the app suddenly crash during operation? If the app has a trading function, is its trading interface safe, or can it be hijacked, resulting in loss of funds?


Copyright notice: This is an original article by the blogger and may not be reproduced without the blogger's permission.
