Secure SDLC in Mobile Application Development (iOS & Android)

By santoshchoudhary ·
Tags: Security
Information Gathering: The first phase of a security assessment collects as much information as possible about the target application. It is the most critical step of an application security test, because every later activity (threat model, code review, test cases) is only as complete as this inventory. Typical tasks:
Identify access methods (entry points such as exported activities, services, receivers and content providers, URL schemes and deep links, and the login and session mechanisms)
Identify what frameworks are in use (networking, crypto, analytics, cross-platform runtimes), since known weaknesses in a framework carry over to the app
Identify the server-side APIs that are in use (endpoints, authentication scheme, and any legacy or undocumented routes referenced by the binary)
Identify what protocols are in use, in particular any cleartext transport (HTTP, WebSocket without TLS)
Identify other applications or services with which the application interacts (third-party SDKs, inter-process communication, backend and push services)
Gather information about the functions, classes and methods referenced in the application and in the dynamically loaded libraries, including native (.so or framework) code that has to be reversed separately
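As an added example (not code from the original article), the following Python script performs that inventory on an Android package: it lists native libraries, fingerprints frameworks from class descriptors in the DEX string table, pulls endpoints and protocols out of embedded URLs, flags cleartext ones, and reads exported components and permissions from the manifest. The sample APK is constructed in memory; the framework signature list, the function names and the assumption that the manifest is plain-text XML (a real APK ships binary AXML, which apktool or androguard decode) are all this example's own.

```python
"""APK reconnaissance: frameworks, native libraries, endpoints, protocols,
referenced classes and exported components, read straight from the package.

Added example, not code from the original article. Assumptions: an APK is a
ZIP (true of real APKs); DEX string constants can be recovered with a
strings-style scan of printable runs (real classes.dex stores them as MUTF-8,
but a proper parser such as androguard is the better tool); and
AndroidManifest.xml is plain-text XML, whereas a real APK carries binary AXML
that must be decoded first (apktool, androguard). The sample APK is constructed.
"""
import io
import re
import xml.etree.ElementTree as ET
import zipfile
from urllib.parse import urlsplit

ANDROID_NS = "http://schemas.android.com/apk/res/android"
# Class-descriptor prefixes that identify well-known frameworks (assumed list).
FRAMEWORK_SIGNATURES = {
    b"Lokhttp3/": "OkHttp", b"Lretrofit2/": "Retrofit",
    b"Lcom/facebook/react/": "React Native", b"Lio/flutter/": "Flutter",
    b"Lcom/google/firebase/": "Firebase", b"Lnet/sqlcipher/": "SQLCipher",
}
CLEARTEXT_SCHEMES = {"http", "ws", "ftp"}
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")
CLASS_DESC = re.compile(rb"L[A-Za-z0-9_$]+(?:/[A-Za-z0-9_$]+)+;")
URL = re.compile(rb"(?:https?|wss?|ftp)://[A-Za-z0-9._~:/?#@!$&'()*+,;=%-]+")


def build_sample_apk() -> bytes:
    """Constructed sample APK; not a real application."""
    manifest = f"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="{ANDROID_NS}" package="com.example.demo">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="Demo">
    <activity android:name=".MainActivity" android:exported="true"/>
    <service android:name=".SyncService" android:exported="true"/>
    <provider android:name=".NotesProvider" android:exported="false"/>
  </application>
</manifest>"""
    # Fake DEX: header-like prefix plus NUL-separated string constants, which is
    # all the printable-run scan in analyze_apk depends on.
    dex = b"dex\n035\x00" + b"\x00" * 16 + b"\x00".join([
        b"Lokhttp3/OkHttpClient;", b"Lretrofit2/Retrofit;",
        b"Lcom/google/firebase/messaging/FirebaseMessagingService;",
        b"Lcom/example/demo/crypto/NativeBridge;", b"decryptToken",
        b"https://api.example.com/v2/login", b"http://legacy.example.com/track",
        b"wss://push.example.com/socket",
    ]) + b"\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", manifest)
        z.writestr("classes.dex", dex)
        for abi in ("arm64-v8a", "armeabi-v7a"):
            z.writestr(f"lib/{abi}/libcrypto_bridge.so", b"\x7fELF" + b"\x00" * 32)
    return buf.getvalue()


def analyze_apk(apk_bytes: bytes) -> dict:
    """Collect the information-gathering inventory for one APK."""
    frameworks, libs, classes = set(), set(), set()
    endpoints, protocols, cleartext = set(), set(), set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            if name.startswith("lib/") and name.endswith(".so"):
                libs.add(name.rsplit("/", 1)[-1])  # native code to reverse separately
            elif name.endswith(".dex"):
                data = z.read(name)
                for run in PRINTABLE_RUN.findall(data):
                    for prefix, framework in FRAMEWORK_SIGNATURES.items():
                        if run.startswith(prefix):
                            frameworks.add(framework)
                classes.update(c.decode() for c in CLASS_DESC.findall(data))
                for raw in URL.findall(data):
                    u = urlsplit(raw.decode())
                    endpoints.add(f"{u.scheme}://{u.netloc}{u.path}")
                    protocols.add(u.scheme)
                    if u.scheme in CLEARTEXT_SCHEMES:
                        cleartext.add(raw.decode())
        root = ET.fromstring(z.read("AndroidManifest.xml"))
    name_attr, exported_attr = f"{{{ANDROID_NS}}}name", f"{{{ANDROID_NS}}}exported"
    permissions = [p.get(name_attr) for p in root.iter("uses-permission")]
    # Exported components are the access methods other apps can reach directly.
    exported = [f"{tag}:{c.get(name_attr)}"
                for tag in ("activity", "service", "receiver", "provider")
                for c in root.iter(tag) if c.get(exported_attr) == "true"]
    return {"permissions": permissions, "exported": exported,
            "frameworks": sorted(frameworks), "native_libs": sorted(libs),
            "classes": sorted(classes), "endpoints": sorted(endpoints),
            "protocols": sorted(protocols), "cleartext": sorted(cleartext)}


if __name__ == "__main__":
    for key, value in analyze_apk(build_sample_apk()).items():
        print(f"{key:12s} {value}")
```

Run against a real APK, the cleartext list and the exported components are the first things to carry into the threat model: the former is where traffic interception starts, the latter is the attack surface reachable by any other app on the device without a permission.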
Design Review: A successful security design review produces a comprehensive threat model: the system is first decomposed into its assets, roles and components, then the threats against each are enumerated together with the mitigations that would prevent those threats from being realized. Deliverables of the design review include:
Individual design decisions that could pose a threat to the system
Remediation recommendations that mitigate the identified threats
Secure Code Review: Code review is probably the single most effective technique for identifying security flaws. Combined with automated tools and manual penetration testing, it significantly increases the cost-effectiveness of an application security verification effort. It takes two forms:
Static Code Review (analysis of the source, or of decompiled code, without executing it)
Dynamic Code Review (analysis of the running application, for example under a debugger or instrumentation framework)
Vulnerability Assessment: A vulnerability assessment is the process of identifying, quantifying and prioritizing (ranking) the vulnerabilities in a system, that is, the security holes in a computer, network or communications infrastructure. For a mobile application it covers:
Application Traffic Analysis
Run Time Analysis
Insecure Data Storage
Penetration Testing
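The following Python rule scanner is an added example, not the article's tooling; it serves both the static code review step above and the Insecure Data Storage item in the vulnerability assessment list. It runs a handful of regex rules over Android source files and reports world-accessible files, secrets written to plaintext SharedPreferences, data on external storage, secrets in logcat, and a trust-all certificate check. The three Java sources are constructed samples: a vulnerable SessionStore, a TrustAll trust manager, and a hardened SecureSessionStore that uses androidx EncryptedSharedPreferences and produces no findings. The rule identifiers and the rule set itself are this example's own choices, not a complete policy.

```python
"""Static rule scanner for Android source code, covering insecure data storage
and two neighbouring weaknesses (secrets in logcat, disabled TLS validation).

Added example, not the article's tooling. The Java sources are constructed
samples and the rule set is illustrative, not a complete policy.
"""
import re
from collections import namedtuple

# `unless`: file-level suppression. If it matches anywhere in the file the rule
# stays silent, e.g. a secret in EncryptedSharedPreferences is not plaintext.
Rule = namedtuple("Rule", "id cwe severity pattern message unless", defaults=(None,))

RULES = [
    Rule("WORLD_ACCESSIBLE_FILE", "CWE-276", "high", r"MODE_WORLD_(READABLE|WRITEABLE)",
         "file or preferences accessible to every other app"),
    Rule("EXTERNAL_STORAGE", "CWE-312", "medium",
         r"getExternalStorage(Public)?Directory\(|getExternalFilesDir\(",
         "app data written to shared external storage"),
    Rule("SECRET_IN_PREFS", "CWE-312", "high",
         r'putString\(\s*"(password|passwd|token|secret|api_?key)"',
         "secret stored in plaintext SharedPreferences", unless=r"EncryptedSharedPreferences"),
    Rule("SECRET_LOGGED", "CWE-532", "medium", r"Log\.[dviwe]\(.*(password|token|secret)",
         "secret written to logcat"),
    Rule("TLS_TRUST_ALL", "CWE-295", "high",
         r"checkServerTrusted\s*\([^)]*\)\s*\{\s*\}|ALLOW_ALL_HOSTNAME_VERIFIER",
         "certificate or hostname validation disabled"),
]

VULNERABLE = """package com.example.demo;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Environment;
import android.util.Log;
import java.io.File;
public class SessionStore {
    public void save(Context ctx, String token) {
        SharedPreferences prefs =
            ctx.getSharedPreferences("session", Context.MODE_WORLD_READABLE);
        prefs.edit().putString("token", token).apply();
        Log.d("SessionStore", "saved token=" + token);
        File backup = new File(Environment.getExternalStorageDirectory(), "session.bak");
    }
}
"""

TRUST_ALL = """package com.example.demo.net;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;
public class TrustAll implements X509TrustManager {
    public void checkServerTrusted(X509Certificate[] chain, String authType) { }
    public void checkClientTrusted(X509Certificate[] chain, String authType) { }
    public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
}
"""

# Hardened form of SessionStore: private, encrypted preferences, nothing logged.
FIXED = """package com.example.demo;
import android.content.Context;
import android.content.SharedPreferences;
import androidx.security.crypto.EncryptedSharedPreferences;
import androidx.security.crypto.MasterKeys;
public class SecureSessionStore {
    public void save(Context ctx, String token) throws Exception {
        String keyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC);
        SharedPreferences prefs = EncryptedSharedPreferences.create(
            "session", keyAlias, ctx,
            EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
            EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM);
        prefs.edit().putString("token", token).apply();
    }
}
"""

SAMPLE_SOURCES = {"SessionStore.java": VULNERABLE, "TrustAll.java": TRUST_ALL,
                  "SecureSessionStore.java": FIXED}


def scan_sources(files) -> list:
    """Run every rule over every file; findings sorted by file and line."""
    findings = []
    for path, text in files.items():
        for rule in RULES:
            if rule.unless and re.search(rule.unless, text):
                continue
            for lineno, line in enumerate(text.splitlines(), 1):
                if re.search(rule.pattern, line, re.IGNORECASE):
                    findings.append({"file": path, "line": lineno, "rule": rule.id,
                                     "cwe": rule.cwe, "severity": rule.severity,
                                     "message": rule.message, "code": line.strip()})
    return sorted(findings, key=lambda f: (f["file"], f["line"]))


if __name__ == "__main__":
    for f in scan_sources(SAMPLE_SOURCES):
        print(f"{f['file']}:{f['line']} [{f['severity']}] {f['rule']} ({f['cwe']}) {f['message']}")
```

Regex rules of this kind are a first pass, not a verdict: each hit still needs a reviewer to confirm the data is actually sensitive and the code path reachable, and the `unless` suppression is deliberately coarse (one EncryptedSharedPreferences import silences the plaintext-secret rule for the whole file). The payoff is that the same ruleset runs in CI on every commit, which is what keeps the review continuous rather than a one-off assessment.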
