MAST Techniques: What is Mobile Application Security Testing?

Learn more about mobile app security testing at: www.guardsquare.com/appsweep There are a variety of approaches to mobile app security testing. Vulnerability analysis is a manual, or automated process, of analyzing the code for vulnerabilities. Static Application Security Testing, or SAST, analyzes the code and does not require the app to be running. Dynamic Application Security Testing, or DAST, analyzes the code for vulnerabilities during runtime, which helps identify additional types of vulnerabilities only seen when an app is running. Pentesting is typically performed before an app’s release, on a less frequent basis. The development team identifies testing goals and then uses an internal or external security tester to find exploitable vulnerabilities in the app. Pentesting can be mandatory for meeting certain security compliance requirements. The Mobile Application Security Testing Guide (MASTG), from OWASP is a great resource for guidance on developing a security testing strategy.