-
Notifications
You must be signed in to change notification settings - Fork 0
Testing the Android Application
This document describes the testing of the Android application.
As described in the Testing Plan we carried out the penetration testing of the application using Drozer, F-Secure's tool for security testing Android applications.
During the automated penetration testing, we used the following modules of Drozer:
app.package.attacksurfaceintents.fuzzinozer
We identified the attack surface using the app.package.attacksurface module of drozer. It analyzed the application, and concluded that the attack surface of the application is the following:
LoginAcivityMainActivity
It is consistent with the notion, that we did not define any content providers, broadcast receivers or services.
We fuzzed the intents of the attack surface using the intents.fuzzinozer module of Drozer. During the fuzzing, Drozer identified 2,226,048 potential intents worth to try, but none of the intents executed yielded any vulnerabilities in the application.
In conclusion all the requirements defined during the design phase are covered. The penetration test did not reveal any shortcomings of the application, we concluded that the client satisfies all of our functional- and security requirements.
© Grotesque Gecko, 2020
- Functional Requirements and Use Cases
- Security Requirements and Objectives
- Threat Assessment
- Quality Gates
- Chosen Technologies
- Required Security Functionalities
- Structural Model of the System
- Behavioral Model of the System