Tuesday 26 August 2014

How to Test Security Of Data Transferring During Mobile Testing, Desktop Testing Or Web Site Testing?



Security has become one of the important aspects of a modern software product. That is why security testing should hold a prominent place in every software testing process.


The security of an application is a complex concept that depends on many things. Secure data transfer is one of them. It is especially relevant for mobile programs because mobile devices are used in different places and are connected to various public Wi-Fi hotspots. Hackers often try to intercept personal, banking or other information in such places and use it for ill purposes. They install special applications for listening to and capturing data.


So, if the information is sent in plain text and can be easily read by people, thieves can make use of it. The consequences can be serious if, for example, people with evil intentions get access to somebody’s bank account.


That is why a software testing company advises encrypting sensitive information. Software products using encrypted communication usually have a padlock on their icons.


Security of Data Transferring of a Mobile Application Can be Checked:


- by means of an emulator of a tablet or smartphone on a personal computer and an instrument analyzing data traffic;


- directly on a mobile device that has a virtual private network program installed and is connected to a personal computer with an instrument analyzing data traffic.


Experts in mobile application testing, desktop testing and web site testing claim that encrypted data transfer is not an ideal solution, as it doesn’t provide absolute security. But it is good enough to keep most attackers away, because stealing the data requires more effort.


As a rule, thieves are looking for easy pickings and would rather search for insecurely transferred data.


Modern applications are complex and multilevel; they include lots of media elements, advertisements, utilize various libraries and so on. The data can be sent and received not only by the application itself but by its elements as well.


One should be careful when checking programs of that kind. The pitfalls are in third-party elements. They may have been tested hastily or not checked at all.


If at least one element uses insecure communication, sensitive data, like passwords and logins, can be captured. Third-party elements must be checked in the same way as the native elements of the application under test. In the course of mobile testing, desktop testing and web site testing, one should make sure that all the important and sensitive data are transferred encrypted.
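
One way to run this check over a capture, as an added example rather than code from the original post: it reads a HAR-style export from the traffic-analysis tool and reports every request sent without encryption, marking third-party hosts and sensitive field names. The sample capture, the `shop.example` domain and the list of sensitive keys are constructed assumptions.

```python
import json
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: a minimal HAR-style export from a traffic-analysis proxy.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"method": "POST", "url": "https://api.shop.example/login",
                 "postData": {"text": "login=alice&password=s3cret"}}},
    {"request": {"method": "GET",
                 "url": "http://ads.adnet.example/track?login=alice&screen=cart"}},
    {"request": {"method": "GET", "url": "http://cdn.media.example/banner.png"}},
    {"request": {"method": "POST", "url": "http://stats.sdk.example/event",
                 "postData": {"text": "token=abc123&event=open"}}},
]}})

# Assumptions: field names treated as sensitive, and the domain of the app under test.
SENSITIVE_KEYS = {"login", "password", "passwd", "token", "session", "card", "pin"}
FIRST_PARTY_DOMAIN = "shop.example"

def audit(har_text, first_party=FIRST_PARTY_DOMAIN, keys=SENSITIVE_KEYS):
    """Return one finding for every request that was not sent over HTTPS."""
    findings = []
    for entry in json.loads(har_text)["log"]["entries"]:
        req = entry["request"]
        url = urlsplit(req["url"])
        if url.scheme.lower() == "https":
            continue  # encrypted in transit, nothing to report
        # Collect parameter names from the query string and the form body.
        params = parse_qsl(url.query, keep_blank_values=True)
        body = req.get("postData", {}).get("text", "")
        params += parse_qsl(body, keep_blank_values=True)
        leaked = sorted({k for k, _ in params if k.lower() in keys})
        host = url.hostname or ""
        own = host == first_party or host.endswith("." + first_party)
        findings.append({
            "host": host,
            "origin": "first-party" if own else "third-party",
            "severity": "high" if leaked else "low",
            "leaked_fields": leaked,
        })
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_HAR):
        print(finding)
```

A "high" finding means a sensitive field name appeared in a plain-text request; a "low" finding is still unencrypted traffic that should be reported.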


The development team must correct all the reported security defects, including those in the third-party elements.






