What is the difference between a mobile web application and a native application?
Would you recommend developing a mobile web application or a native application?
What is the latest device available for iOS, Android or Windows Mobile 7?
What is the difference between the Android Gingerbread and Android Honeycomb operating systems?
Explain in detail the challenges of mobile application testing.
How would you do functionality testing in mobile world?
How would you approach mobile application usability testing?
Do you have performance testing experience for mobile applications?
How do you test that the mobile app design will be consistent across the different phones?
What do you have to do to test a new application on a real phone?
What are pros and cons of using mobile emulators and simulators for mobile testing?
How would you implement test automation for mobile testing?
Can we test mobile apps using Selenium test automation tool?
Would you recommend implementing Agile for mobile testing?
Mobile Applications - An Overview
More and more consumers use mobile and smart phones, so mobile applications are a direct way to connect with customers: they reach consumers in real time and therefore provide services anytime, anywhere.
Mobile applications can be categorized by functionality as communications, games, utilities, multimedia, productivity and travel. For security testing, however, our focus is mainly on applications from the Banking / Finance domain, which fall under the productivity category.
From a technical point of view, mobile applications can be differentiated by the runtime environment they run in:
Note: This article discusses testing of Java/J2ME based mobile applications, although a similar approach may be followed for testing mobile applications based on other platforms.
Prerequisites for a Mobile Application Security Assessment
A mobile application security assessment follows the same step-by-step procedure as a normal application security assessment, such as:
Categories of Applicable Tests
All tests relevant to a thick-client application are also applicable to mobile applications.
In the absence of an emulated environment, it may not be possible to capture the application's requests in a proxy. As an alternative, an architecture review and reverse engineering of the application can be carried out.
[Source: Discussion with vendor and supporting documents]
Being able to achieve the following would overcome many of the obstacles faced while testing mobile applications: