Summary of Mobile Application Security Testing Methods



1. Software permissions
1) Risk of unexpected charges: permissions that can cost the user money, such as sending text messages, making calls, and connecting to the Internet.
2) Risk of privacy leakage: permissions that expose personal data, such as reading phone/device information or reading contacts.
3) Check the app's input validation, authentication, authorization, data encryption, etc.
4) Restrict/allow the app to use the phone's Internet access.
5) Restrict/allow the app to send and receive messages.
6) Restrict/allow the app to use local connections (e.g. Bluetooth).
7) Restrict/allow the app to take pictures or record audio/video.
8) Restrict/allow the app to read user data.
9) Restrict/allow the app to write user data.
10) Restrict/allow the app to register itself to start automatically at boot.
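
As an added example (not part of the original checklist and not TestBird's code), the permission review above can be scripted against a decoded AndroidManifest.xml, e.g. the one produced by `apktool d app.apk`. The manifest below is constructed for the demo, and the risk buckets and the choice of which real Android permissions belong to each are assumptions of this example that map the list items onto concrete permission names; a real review would extend the table and then confirm each flagged permission against the app's stated purpose.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest (not from any real app), in the form apktool decodes it to.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.demo">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.CALL_PHONE"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
    <application android:label="Demo">
        <receiver android:name=".BootReceiver" android:exported="true">
            <intent-filter>
                <action android:name="android.intent.action.BOOT_COMPLETED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""

# Assumed mapping from the checklist's risk categories to real Android permission names.
RISK_BUCKETS = {
    "billing": {
        "android.permission.SEND_SMS",
        "android.permission.CALL_PHONE",
        "android.permission.INTERNET",
    },
    "privacy": {
        "android.permission.READ_PHONE_STATE",
        "android.permission.READ_CONTACTS",
        "android.permission.WRITE_CONTACTS",
        "android.permission.READ_SMS",
        "android.permission.ACCESS_FINE_LOCATION",
    },
    "capture": {
        "android.permission.CAMERA",
        "android.permission.RECORD_AUDIO",
    },
    "storage": {
        "android.permission.READ_EXTERNAL_STORAGE",
        "android.permission.WRITE_EXTERNAL_STORAGE",
    },
    "autostart": {
        "android.permission.RECEIVE_BOOT_COMPLETED",
    },
}

def _name(el):
    # Attributes live in the android: namespace; element tags do not.
    return el.get("{%s}name" % ANDROID_NS)

def declared_permissions(manifest_xml):
    """All <uses-permission> names declared in the manifest, sorted."""
    root = ET.fromstring(manifest_xml)
    return sorted(_name(el) for el in root.iter("uses-permission"))

def boot_receivers(manifest_xml):
    """Receivers that register for BOOT_COMPLETED, i.e. components that auto-start."""
    root = ET.fromstring(manifest_xml)
    found = []
    for receiver in root.iter("receiver"):
        for action in receiver.iter("action"):
            if _name(action) == "android.intent.action.BOOT_COMPLETED":
                found.append(_name(receiver))
    return found

def triage(manifest_xml):
    """Group the declared permissions by risk bucket; anything unmapped is reported too."""
    perms = set(declared_permissions(manifest_xml))
    report = {bucket: sorted(perms & names) for bucket, names in RISK_BUCKETS.items()}
    report["unclassified"] = sorted(perms - set().union(*RISK_BUCKETS.values()))
    report["boot_receivers"] = boot_receivers(manifest_xml)
    return report

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_MANIFEST).items():
        print("%14s: %s" % (bucket, items))
```

The permission name alone only tells you what the app may do; the boot receiver check shows the second half of item 10, which is whether a component is actually wired up to use the auto-start permission.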

2. Install and uninstall security
1) The application should install correctly on the device.
2) The application's icon can be found on the device after installation.
3) The installation path should be specified.
4) The application must not be configured to start automatically without the user's permission.
5) Whether the uninstallation is safe, i.e. whether all installed files are removed.
6) Whether the user is prompted, during uninstallation, about files the application generated while in use (user data, caches).
7) Whether configuration information the application modified is restored.
8) Whether the uninstallation affects the functions of other software.
9) All files should be removed after uninstallation.

3. Data security
1) When a password or other sensitive data is entered into the application, it is not stored on the device, and the password cannot be recovered from anything that is stored.
2) The entered password is not displayed in clear text.
3) Passwords, credit card details or other sensitive data are not retained in the fields where they were entered (no pre-filling on the next visit).
4) Personal identification numbers and passwords must meet a minimum length; depending on the application, at least 4-8 characters.
5) When the application processes credit card details or other sensitive data, it does not write them in clear text to separate files or temporary files. If the application terminates abnormally without deleting its temporary files, an intruder could read the data from them.
6) When sensitive data is entered into the app, it is not stored on the device.
7) The application should take into account user prompts or security warnings generated by the system or the virtual machine.
8) The application must not ignore user prompts or security warnings generated by the system or the virtual machine, must not deceive the user by displaying misleading information before a security warning is shown, and must not simulate a security warning to mislead the user.
9) Before deleting data, the application should notify the user or provide a "cancel" command.
10) The application should handle the case where it is not allowed to access personal information management (PIM) data.
11) If reading or writing user information fails, the application sends an error message to the user.
12) Do not damage or delete any content in the personal information management application without the user's explicit permission.
13) If important data in the database is about to be overwritten, the user should be informed in time.
14) Errors are handled reasonably.
15) Users should be prompted in unexpected situations.
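
Items 1, 3, 5 and 6 are tested the same way in practice: enter a known password and card number into the app, pull its private data directory (e.g. `adb pull /data/data/<package>`), and search every file for those values, including the cheap encodings developers use to "hide" them. The scanner below is an added example, not code from the original page or from TestBird. The sandbox it scans is constructed in a temporary directory for the demo (SharedPreferences XML, a temp file and a SQLite database with a salted hash); the file names, the secret values and the card number are assumptions of this example.

```python
import base64
import hashlib
import os
import sqlite3
import tempfile

def build_sample_sandbox(root, password, card):
    """Constructed stand-in for an app's private data directory as pulled from a device."""
    for sub in ("shared_prefs", "databases", "cache"):
        os.makedirs(os.path.join(root, sub))
    # Weak: the password kept in SharedPreferences, once plain and once merely base64-encoded.
    b64 = base64.b64encode(password.encode()).decode()
    with open(os.path.join(root, "shared_prefs", "login.xml"), "w") as f:
        f.write('<map><string name="pwd">%s</string>'
                '<string name="pwd_b64">%s</string></map>\n' % (password, b64))
    # Weak: card details written to a temp file that an abnormal exit would leave behind.
    with open(os.path.join(root, "cache", "tmp_checkout.txt"), "w") as f:
        f.write("card=%s\n" % card)
    # Acceptable: the database holds only a salted PBKDF2 hash, never the password itself.
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 100_000).hex()
    conn = sqlite3.connect(os.path.join(root, "databases", "app.db"))
    conn.execute("CREATE TABLE users (name TEXT, pwd_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", digest))
    conn.commit()
    conn.close()

def encodings_of(secret):
    """Byte patterns a secret commonly takes on disk when it is hidden rather than protected."""
    raw = secret.encode()
    return {
        "plain": raw,
        "base64": base64.b64encode(raw),
        "hex": raw.hex().encode(),
        "utf-16le": secret.encode("utf-16-le"),
    }

def scan_sandbox(root, secrets):
    """Return sorted (relative path, secret, encoding) triples for every file that
    contains one of the tester-entered secrets in any of the encodings above."""
    needles = {s: encodings_of(s) for s in secrets}
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                data = f.read()
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            for secret, forms in needles.items():
                for form, needle in forms.items():
                    if needle in data:
                        findings.append((rel, secret, form))
    return sorted(findings)

def run_demo(password="s3cret-P@ss", card="4111111111111111"):
    """Build the constructed sandbox in a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_sandbox(root, password, card)
        return scan_sandbox(root, [password, card])

if __name__ == "__main__":
    for rel, secret, form in run_demo():
        print("%s: contains %r as %s" % (rel, secret, form))
```

Only the SharedPreferences file and the leftover temp file are reported; the database passes because a salted hash contains no recoverable form of the password, which is exactly the distinction item 1 draws. Run the scan once after normal use and once after killing the app mid-transaction, since the temp-file case in item 5 only shows up in the second run.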

4. Communication security
1) While the software is running, if an incoming call, SMS, Bluetooth connection or other communication event, or charging, occurs, can the program be suspended so that the communication takes priority, and can the software be resumed normally and continue its original function after the event is handled?
2) Once a connection is established, the application can handle the connection being interrupted by the network, and then informs the user that the connection was interrupted.
3) The application should be able to handle communication delays or interruptions.
4) The application keeps waiting until the communication times out, and then gives the user an error message indicating a connection error.
5) It should be able to handle network exceptions and notify the user of the abnormal situation promptly.
6) When a network connection is no longer in use, the application should close and disconnect it promptly.
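
Items 2 to 6 describe one client behaviour: a bounded wait, a distinct user-facing message for each failure, and the connection released afterwards. The following is an added example (not from the original page or from TestBird) of that behaviour over a raw TCP socket, together with a constructed local peer that can either answer or go silent, which is how the tester provokes the timeout case without touching the network. The PING/PONG protocol, the port handling and the message texts are assumptions of this example.

```python
import socket
import threading

# Sockets the stalling peer must keep open for the demo's lifetime; if they were
# garbage-collected the client would see a clean close instead of silence.
_HELD_OPEN = []

def start_server(behaviour):
    """Constructed local peer. 'echo' reads the request, answers and closes;
    'stall' accepts the connection and never answers, which is what a network
    that has silently gone away looks like to the client. Returns the port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    _HELD_OPEN.append(srv)

    def run():
        conn, _ = srv.accept()
        if behaviour == "echo":
            conn.recv(1024)          # consume the request before answering
            conn.sendall(b"PONG\n")
            conn.close()
        else:
            _HELD_OPEN.append(conn)  # stall: hold it open and send nothing

    threading.Thread(target=run, daemon=True).start()
    return port

def unused_port():
    """A port nothing listens on, to provoke 'connection refused'."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

def fetch(host, port, request=b"PING\n", timeout=0.5):
    """Client side of the checklist: wait at most `timeout`, map each failure to a
    status the UI can show, let no exception escape, and always release the socket."""
    sock = socket.socket()
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        sock.sendall(request)
        data = sock.recv(1024)
        if not data:
            return ("closed", "the connection was interrupted before a reply arrived")
        return ("ok", data)
    except socket.timeout:
        return ("timeout", "no reply within %.1fs, please check your connection" % timeout)
    except ConnectionRefusedError:
        return ("refused", "the server is not accepting connections")
    except OSError as exc:
        return ("error", "network error: %s" % exc)
    finally:
        sock.close()  # item 6: released whether the exchange succeeded or not

if __name__ == "__main__":
    print(fetch("127.0.0.1", start_server("echo")))
    print(fetch("127.0.0.1", start_server("stall"), timeout=0.3))
    print(fetch("127.0.0.1", unused_port()))
```

The three calls at the bottom exercise the normal path, item 4 (silent peer, timeout, then an error) and item 5 (nothing listening, immediate error). When testing a real app, the equivalent is to put the device in airplane mode or drop the Wi-Fi mid-request and confirm the app reports the interruption instead of hanging or crashing.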

5. HMI (human-machine interface) security test
1) The back/return menu should always remain available.
2) Commands have a priority order.
3) The sound settings do not affect the functionality of the application.
4) The application must be able to handle unpredictable user actions, such as wrong actions and pressing multiple keys at the same time.


TestBird

Origin http://43.154.161.224:23101/article/api/json?id=326225795&siteId=291194637