Local file system: Run a security check on local file systems to test temporary files and cached data that already exist on the mobile device. This also helps monitor database-related security.
Insecure file permissions: Check internal and external disk space, rights and permissions on the target file, file encryption and authorization of user access.
Error handling & session management: Check the application's exception management, error handling functionality and the randomness of session identifiers, and spot attacks that abuse sessions.
Business logic flaws: Test everything relevant for logic flaws, security functions, multi-stage processes, trust boundaries and adjustments made to quantities.
Client-side injections: Test for client-side injections to detect malicious inputs on the installed applications. Also run cross-site scripting, HTML injection and other relevant checks.
Server-side validation: Check for validation on the server side against injection and cross-site scripting.
Replay attack vulnerabilities: Keep an eye on malicious inputs that come as legitimate requests from an authorized or an unauthorized user. Check for response splitting and cache poisoning too.
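As an added example for the insecure file permissions item (not part of the original checklist): a Python script that walks a copy of an app's data directory and reports entries that other users on the device could read, write or execute. The directory layout, file names and modes in `build_sample` are constructed for the demo.

```python
import os
import stat
import tempfile

# Permission bits that let any other UID on the device touch the entry.
WORLD_BITS = {stat.S_IROTH: "world-readable",
              stat.S_IWOTH: "world-writable",
              stat.S_IXOTH: "world-executable"}

def audit_tree(root):
    """Return sorted (relative_path, [issues]) for entries exposed to other users."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            if stat.S_ISLNK(st.st_mode):
                continue
            issues = [label for bit, label in WORLD_BITS.items() if st.st_mode & bit]
            if issues:
                findings.append((os.path.relpath(path, root), issues))
    return sorted(findings)

def build_sample(root):
    """Constructed sample layout; names and modes are made up for the demo."""
    layout = {"databases/app.db": 0o660,
              "shared_prefs/session.xml": 0o664,
              "cache/tmp_upload.bin": 0o666,
              "files/config.json": 0o600}
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), mode=0o700, exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample")
        os.chmod(path, mode)  # chmod is not affected by the umask

def run_demo():
    """Build the constructed tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return audit_tree(root)

if __name__ == "__main__":
    for rel, issues in run_demo():
        print(f"{rel}: {', '.join(issues)}")
```

To audit real data, call `audit_tree` on a directory copied from a test device with its permissions preserved.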
Mobile app security concerns mainly arise from malicious functionality and vulnerabilities. While the above list may act as a checklist to effectively mitigate risks, app developers and security teams must also keep an eye out for new threats at all times.