Functional and Security Testing of a Mobile Client-Server Application

• Main Authors: Holmberg, Daniel, Nyberg, Victor
• Format: Others
• Language: English
• Published: Linköpings universitet, Institutionen för datavetenskap 2018
• Subjects: Security; Android; Mobile application; Python; Flask; Server; Software testing; Functional testing; Reverse engineering; Fuzz testing; Monkey testing; RESTful API testing; Sniffing; SQL injection; Confidentiality; Integrity; Availability; Reliability; Espresso; Postman; Wireshark; dex2jar; Apktool; JD-GUI; Computer and Information Sciences; Data- och informationsvetenskap
• Online Access: http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-148710

Today’s massive usage of smartphones has put a high demand on all application developers in the matter of security. For us to be able to keep using all existing and new applications, a process that removes significant security vulnerabilities is essential. To remove these vulnerabilities, the applications have to be tested. In this thesis, we identify six methods for functional and security testing of client-server applications running Android and Python Flask. Regarding functional testing, we implement Espresso testing and RESTful API testing. In regards to the security testing of the system, we do not only implement fuzz testing, sniffing, reverse engineering and SQL injection testing on a system developed by a student group in a parallel project, but also discover a significant security vulnerability that directly affects the integrity and reliability of this system. Out of the six identified testing techniques, reverse engineering exposed the vulnerability. In conjunction with this, we verified that the system’s functionality works as it is supposed to.