Functional and Security Testing of a Mobile Client-Server Application / Funktionell och säkerhetstestning av en mobilapplikation bestående av en klient- och serversida

Holmberg, Daniel, Nyberg, Victor

January 2018

Today’s massive usage of smartphones has put a high demand on all application developers in the matter of security. For us to be able to keep using all existing and new applications, a process that removes significant security vulnerabilities is essential. To remove these vulnerabilities, the applications have to be tested. In this thesis, we identify six methods for functional and security testing of client-server applications running Android and Python Flask. Regarding functional testing, we implement Espresso testing and RESTful API testing. In regards to the security testing of the system, we do not only implement fuzz testing, sniffing, reverse engineering and SQL injection testing on a system developed by a student group in a parallel project, but also discover a significant security vulnerability that directly affects the integrity and reliability of this system. Out of the six identified testing techniques, reverse engineering exposed the vulnerability. In conjunction with this, we verified that the system’s functionality works as it is supposed to.

Security

Android

Mobile application

Python

Flask

Server

Software testing

Functional testing

Reverse engineering

Fuzz testing

Monkey testing

RESTful API testing

Sniffing

SQL injection

Confidentiality

Integrity

Availability

Reliability

Espresso

Postman

Wireshark

dex2jar

Apktool

JD-GUI

Computer and Information Sciences

Data- och informationsvetenskap