Does anyone know if there is a Guide/CheatSheet for Security Testing Apps on Android?
I am a software tester and whilst I know my way around security testing for the web, I'm looking for a jump start in Security Testing for Android. Just the basics really, things like how to manipulate text fields, cause buffer overruns etc in Apps.
An example case would be an app which we are developing that allows a user to input free text. I want to be able to prove the point that we need to sanitise the user's input here, so ideally, I'd like to know of a string that I can enter, which will cause an undesired effect on the page which displays the user's input.
E.g., in a web page, I enter "<IMG SRC=javascript:alert('Sanitise User Input')>" and an alert is fired on displaying that input.
Like I say, I know my way around this type of thing for the web, but I'm not an Android Dev and I don't know how to manipulate the code with my input.
So, does anyone have any pointers/source of info/ideas?
Thanks Folks,
Noodoo
(Long-time lurker, infrequent poster)