Security Testing for mobile applications - mobile

I'm new to the mobility domain. What would be the best approach to test mobile applications for security vulnerabilities? Please share any information, and if anybody knows of any tools to use to achieve the same.
I'm looking at the Android and iOS platforms.

The only best way to test web applications or mobile applications is to follow the OWASP guidelines. If you know a little bit about web app security, then surely you will be aware of OWASP.
As with web applications, OWASP provides the top 10 risks for mobile also. Please refer to the OWASP site for more details.

You can run static code analysis on the app.
This will give a detailed report on the possible security issues with your app.
There are some tools available which will help you to do so.
In fact, I have designed a web application which runs this analysis on an .apk or .ipa file that a user uploads and displays the result of the scan in HTML format.
Feel free to explore https://thesecurityscan.com/

Related

How do you check what your web apps look like?

I've created a basic web app which guides the user in deciding on a first programming language. I built my project checking it in the Google Dev Tools iPhone 6 view, since I also use an iPhone 6, but on real iPhones the appearance does not even look close. Is this annoyance only for me, or for everyone? Or is there a better way to design a web app for mobile? You can check the difference here: https://ibb.co/Gcsjsvn and check my repo at https://github.com/kgokdemir/firstlang

Monetizing Hybrid Apps [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
I'm looking to launch a mobile app. Since the app is fairly simple/straightforward, without the need for a ton of performance/graphics/etc., a hybrid app seems to make a lot of sense, especially considering my limited budget. However, a big part of the business model relies on in-app purchases. Here, it seems a lot more likely to convert those sales through payment systems such as one's iTunes account. Does anyone know if a hybrid app, written in HTML5 but wrapped in a native shell, can still leverage internal, immediate payment features such as the iTunes store? If not, what are the options for hybrid apps to streamline in-app purchases?
Thanks in advance for the help with this. Very limited info on this subject out there.
I'm not surprised that there are no replies to this question. I've been researching hybrid mobile app monetization with limited success. I'm personally more concerned with incorporating mobile ad networks (AdMob) and socialization networks (Socialize, Facebook, Twitter) in hybrid mobile apps based on HTML5, CSS3 and JavaScript. I'm focusing on Android to start. PhoneGap has an AdMob plugin that works. Eclipse also has a PhoneGap plugin by MDS that makes it easy to get started.
As you get further away from native Android and closer to the cross platform build environments it becomes more difficult or impossible to use various required SDKs for monetization and socialization unless there is an existing plugin or you (and other developers) are willing to write a plugin.
Most of the cross platform build systems (PhoneGap Build, Icenium, Monaca, Titanium ...) and the MEAPs (OpenMEAP, Convertigo, WorkLight, Feed Henry, Antenna, Appcelerator...) currently have no support. Apparently, monetization and socialization are low priorities in the race of the cross development platforms.
With respect to your question about in-app purchases for cross platform mobile development, there are two exceptions that I am aware of, the Intel XDK and the AppMobi Cloud Services SDK. The Intel XDK, largely based on its acquisition of AppMobi and its HTML5M App Center, has implemented this through 1Touch.
http://html5dev-software.intel.com/
http://www.appmobi.com/
http://www.appmobi.com/amdocs/lib/Article-1TouchInventory.pdf?r=4960
They also have references that advertising will be coming soon as well.
You can also develop hybrid Intel HTML5 apps without using the Intel XDK by using the AppHub Cloud Services.
http://www.html5dev-software.intel.com/amdocs/lib/Article-DevelopingOutsideXDK.pdf
Good luck.
There are various ad networks that have respective Cordova plug-ins that you can use should you choose to go hybrid via Cordova, e.g. AdMob (https://github.com/rajpara11/phonegap-plugins/tree/master/Android/AdMobPlugin), RevMob (http://sdk.revmob.com/cordova), etc.
If in-app purchase is your thing, then there are plug-ins for this as well: https://github.com/phonegap/phonegap-plugins/tree/master/iOS/InAppPurchaseManager.
As for platform of choice, I would definitely recommend Icenium, which was just officially released and has really matured. Their major version scheduled one month from now would enable users to take advantage of custom Cordova plug-ins.
The trick is to call the advertisements in the native layer instead of the WebView, essentially running ads outside/on top of the HTML5 portion. This typically requires use of an IDE to implement.

Necessity of Silverlight App Signing

Hi all at stackoverflow,
Is it really necessary to get my Silverlight app signed before I get it hosted on to the web? Can I do it without it, bearing in mind that I'm not a major company or business but I have written and designed the app for a small company?
Kind regards
Will.
I've had a few Silverlight apps running on the web and have never dealt with signing. I can't say for certain that it won't be a problem under some circumstances, but in general signing isn't required.

Web and mobile site creation - just starting on this project

I need to build both a website and a mobile site (starting from scratch). The website will include a registration/login, user upload, and sharing feature. I would like to have all of these features available in the mobile site as well. Any recommendations on the best starting approach would be appreciated. For example, should I create the website from start to finish before even starting to think about the mobile site?
Thanks
If you design your server side code correctly, you should be able to use those components no matter where the client is. You would just have to write a thin wrapper for each different interaction type, e.g. xml vs json.
It's hard to say more without knowing exactly what you are doing, and how many people you have working on this. You can finish the desktop version before you start the mobile, but you don't have to. Depending on team size/skill you could develop both concurrently...

Is it advisable to have a mobile version of a web application?

With the advent of smart phones, individuals are now able to access a given site or application in one of three ways:
Through the same site that is rendered on desktop machines
Through a minimized mobile version of the site
Through a proprietary mobile application
In an ideal world, users could choose from any of those three methods. However, there is a cost associated with implementing additional interfaces on top of the existing Web interface.
I'm seeking verifiable information (statistics, trends, Gartner predictions, etc.) that could help someone justify the creation of a minimized mobile site and/or proprietary mobile applications vs. having a well-crafted site that renders fine in mobile browsers.
I found an article covering Nielsen's 2009 recommendation but the article seems to suggest that you should address mobile users, not so much how to determine which method(s) are more appropriate (not to mention there aren't any references to mobile apps).
If your site renders fine in mobile browsers, why would you need a minimized one? Remember, not everyone has an iPhone. Blackberry users usually need a special version, unless your site has Wikipedia-like simplicity.
You can look at your logs and see how many users come that have mobile phones. Check this against the bounce rate, this will tell you if they can view your site or not.
