Mobile Security Testing


Does anyone have an idea about Mobile Security Testing ? If so how can it be implemented on iOS Devices along with Appium

That’s a very broad question/statement.

Appium will do things like a user would.

What are you trying to do?

I am trying to check the back end API and DB security

Not sure how Appium would help then. This should be done at a different layer. Talk to your dev team

From the Appium perspective, the only thing I can think of relating to its use for security testing would be to have Appium automate the user actions of nefarious/malicious use cases, as well as automating repetitive actions needed for security testing (e.g. data generation for which you would say for example, sniff the network traffice from the mobile app through the wifi network to see if you can intercept the data, etc.).

@daluu How can I capture the network traffic using Appium for iOS devices?

You can’t capture the network traffic directly via Appium, as far as I know. You’ll need to separately run a tool like BrowerMobProxy (or Charles Proxy or Fiddler), Wireshark, etc. to do that. What you could do, if using a proxy is to configure the simulator or device to route network traffic through the proxy, which you may or may not be able to do via Appium for the network settings. Although in that case, for real device, you could just preconfigure the proxy by hand, and for simulator, the easier way might be to configure the proxy against the Mac host running the simulator so that you don’t need to configure anything on simulator side.