Looking at the title it doesn’t mean that I have conquered web security testing totally. And it wouldn’t make sense to me if I said; I would conquer web security totally before I die. It is such a vast area of study and keeps on going and going just like we do not know where the end of this universe is? I wasn’t a freak of mobile phones from long back. However, as a security tester I wanted to see how I could test for mobile security. And I must admit that, mobile security is not yet matured when compared to web security in terms of exploration.
I started from searching for mobile security books on amazon and flipkart. I finally found a book titled “Mobile Application Security” on Flipkart and bought it. With respect to reading from a book, I have always been a reader who would just skip the pages where I couldn’t find it interesting. My reading approach of this book was to go to the last topic which spoke about “Tools and Utilities” for mobile security. (Reference: https://www.isecpartners.com/tools/mobile-security.aspx) I started to read about tools description and thought of learning in reverse engineering fashion. One is to learn the concept and find the tool which can accomplish in implementing your idea; while the other way is to learn the tool and then think of test ideas. So, I picked the second approach as of now.
My reading has not been regular as of now, but I hope to get back to the track soon. The reason is, I have been very busy for the preparation of my next start-up. Follow me on Twitter @santhoshst to know the frequent updates and also I have been using hashtag as #MyNextStartupTeaser
In a nut-shell here is what I have learned about mobile (security) testing,
- Android Manifest Explorer Tool
- Intent Fuzzer Tool
- Dalvik VM – This was interesting read to know how one could debug for android apps. Thanks to Perze Ababa (His blog: http://perze.blogspot.in/) for bringing this to me while we were discussing several things while having dining.
- And something related to the check automation
I always see any topic or study as vast. It always depends on how it looks to ones eye. So, I am game for the challenge and look forward to be good enough in terms of mobile (security) testing.