Android Application Security Testing Part-18: Dynamic Analysis
DYNAMIC ANALYSIS
The focus of dynamic analysis (also called DAST, or Dynamic Application Security Testing) is the testing and evaluation of apps via their real-time execution. The main objective of dynamic analysis is finding security vulnerabilities or weak spots in a program while it is running. Dynamic analysis is conducted both at the mobile platform layer and against the back-end services and APIs, where the mobile app's request and response patterns can be analysed.
Dynamic analysis is usually used to check for security mechanisms that provide sufficient protection against the most prevalent types of attack, such as disclosure of data in transit, authentication and authorization issues, and server configuration errors.
- Dynamic Methods
  - Finding vulnerabilities using proxy tools
    - Tools: e.g. Burp Suite, OWASP ZAP
  - Finding vulnerabilities with Drozer
    - Tools: Drozer
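An added example, not part of the original article: once an app's traffic has been captured through a proxy, a first triage pass over the request and response records can flag the issue classes named above (data in transit, authentication, server configuration). The record shape, parameter names and host below are constructed assumptions, not a Burp Suite or OWASP ZAP export format.

```python
from urllib.parse import urlsplit, parse_qs

SENSITIVE_PARAMS = {"password", "token", "session", "api_key"}  # assumed names

# Constructed sample flows (simplified shape, not a real proxy export format).
SAMPLE_FLOWS = [
    {"method": "GET", "url": "http://api.example.test/v1/profile?token=abc123",
     "req_headers": {}, "status": 200,
     "resp_headers": {"Server": "Apache/2.4.1"}},
    {"method": "GET", "url": "https://api.example.test/v1/orders/42",
     "req_headers": {}, "status": 200,
     "resp_headers": {"Strict-Transport-Security": "max-age=31536000"}},
    {"method": "GET", "url": "https://api.example.test/v1/orders/43",
     "req_headers": {"Authorization": "Bearer <redacted>"}, "status": 200,
     "resp_headers": {"Strict-Transport-Security": "max-age=31536000"}},
]

def triage(flows):
    """Return sorted (flow_index, issue) pairs; each is a lead to verify by hand."""
    findings = set()
    for i, flow in enumerate(flows):
        url = urlsplit(flow["url"])
        req = {k.lower(): v for k, v in flow["req_headers"].items()}
        resp = {k.lower(): v for k, v in flow["resp_headers"].items()}
        # Data in transit: cleartext scheme, or secrets placed in the query string.
        if url.scheme == "http":
            findings.add((i, "cleartext-transport"))
        if SENSITIVE_PARAMS & {p.lower() for p in parse_qs(url.query)}:
            findings.add((i, "secret-in-url"))
        # Authentication: a 2xx answer to a request that carried no credentials.
        # Public endpoints also match, so this only marks where to look.
        if 200 <= flow["status"] < 300 and not (req.keys() & {"authorization", "cookie"}):
            findings.add((i, "success-without-credentials"))
        # Server configuration: version banner, or HTTPS response without HSTS.
        banner = resp.get("server", "") + resp.get("x-powered-by", "")
        if any(ch.isdigit() for ch in banner):
            findings.add((i, "version-banner"))
        if url.scheme == "https" and "strict-transport-security" not in resp:
            findings.add((i, "missing-hsts"))
    return sorted(findings)

if __name__ == "__main__":
    for index, issue in triage(SAMPLE_FLOWS):
        print(index, issue)
```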