And here we go, another testing challenge for the next 20 days. This time it is an internal challenge at XING. The challenge was set up by Maik Nogens and Ionut Oancea and is inspired by the 30 days of testing challenge from Ministry of Testing. If you are a frequent reader of my blog, you have probably read my progress in the 30 days of testing challenge here.
Day 20: TEST YOUR PRODUCT FOR A QUALITY CRITERIA, WHICH NORMALLY IS NOT A FOCUS IN YOUR BUSINESS UNIT
Security testing is usually not in my business unit at XING. We have a dedicated security team which takes care of this topic. I like the topic, and although I am by far not a security expert, I know some basic techniques to perform some simple checks. However, when testing mobile apps I use the OWASP lists to get an idea of what to check and what to do. If you are working in mobile testing as well, you should take a look at the Mobile Top 10 Security Risks. As a starting point to check for security, I use Charles proxy to intercept the communication between the mobile app, the network and our backend systems. While performing this check, make sure, for example, that the requests and responses are encrypted. If you have no idea about security testing at all, I highly recommend hiring security experts who will help you identify possible weak spots.
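Added example, not part of the original post: one way to turn the "are requests and responses encrypted?" check into something repeatable. It assumes the proxy session has been exported in HAR format; the sample capture, host names and the `find_cleartext` helper are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in HAR 1.2 shape (hosts and values are made up).
SAMPLE_HAR = json.dumps({
    "log": {"entries": [
        {"request": {"method": "GET", "url": "https://api.example.test/v1/profile",
                     "headers": [{"name": "Authorization", "value": "Bearer x"}]}},
        {"request": {"method": "POST", "url": "http://tracking.example.test/collect",
                     "headers": [{"name": "Cookie", "value": "sid=abc"}]}},
        {"request": {"method": "GET", "url": "http://cdn.example.test/logo.png",
                     "headers": []}},
    ]}
})

# Headers that usually carry credentials or session state.
SENSITIVE_HEADERS = {"authorization", "cookie", "set-cookie"}

def find_cleartext(har_text):
    """Return one finding per captured request that was not sent over TLS."""
    findings = []
    for entry in json.loads(har_text)["log"]["entries"]:
        req = entry["request"]
        parts = urlsplit(req["url"])
        if parts.scheme.lower() in ("https", "wss"):
            continue  # encrypted transport, nothing to report here
        # Look at request and response headers of the unencrypted exchange.
        headers = req.get("headers", []) + entry.get("response", {}).get("headers", [])
        leaked = sorted({h["name"].lower() for h in headers} & SENSITIVE_HEADERS)
        findings.append({"method": req["method"], "host": parts.hostname,
                         "path": parts.path, "sensitive_headers": leaked})
    return findings

if __name__ == "__main__":
    for f in find_cleartext(SAMPLE_HAR):
        # Cleartext traffic carrying session data is the first thing to escalate.
        severity = "HIGH" if f["sensitive_headers"] else "review"
        print(f"[{severity}] {f['method']} http://{f['host']}{f['path']} "
              f"{f['sensitive_headers']}")
```

An `https` URL in the capture only shows that TLS was used; it does not show whether the app validates the server certificate correctly.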