Case Study :- Mobile Software Testing
Mobile based software product security testing
||Software development IT firm catering to irrigation and power generation sector
||Firm manufactures mobile based software
Products are meant for irrigation and water management sector
as well as power generation plants
|Time to solution
The software development firm is based at Pune, India and primarily creates mobile based software. The software is used by firms providing water and irrigation services, as well power generation units. Purpose of software is multifold, to record attendance, to record temperature and other scientific parameters at remote locations. They approached Valency Networks for the purpose of performing mobile application security testing as well as the server software which connected to all mobile devices.
- Valency Networks started work via a kickoff meeting with stakeholders and studied server software architecture as well as its operations using mobile devices.
- A list of possible security attack vectors was created. Separate testing list of mobile software was created. Mobile software vectors were simulated on a windows machine.
- Intrusive tests were performed on server as well as on the mobile device end to capture logs. Logs were processed to find out additional hacking points.
- A separate Android operating system module was created to measure mobile logs and was corelated with the server logs.
- Subsequent serious tests were performed to simulate all mobile scenarios typically found at irigiation plant as well as power generation plants.
- Technical solution engineering was performed and provided as a consultancy service to the customer.
- Additional round of re-testing was performed to ensure all the vulnerabilities were fixed.
- Finally a detailed audit and test report with problems found and their solutions suggested was presented in front of the customer's management. IT architecture changes were suggested in the report too, with action dates and plans.
- Customer's products were enhanced due to the value addition of IT security.
- Customer could acquire multiple orders by emphasizing the cyber security enablement of their products and services.
- Customer was imparted with cyber security knowledge and could use it in their next version of the same product, as well as upcoming mobile products.