Search
00
GBAF Logo
trophy
Top StoriesInterviewsBusinessFinanceBankingTechnologyInvestingTradingVideosAwardsMagazinesHeadlinesTrends

Subscribe to our newsletter

Get the latest news and updates from our team.

Global Banking & Finance Review®

Global Banking & Finance Review® - Subscribe to our newsletter

Company

    GBAF Logo
    • About Us
    • Advertising and Sponsorship
    • Profile & Readership
    • Contact Us
    • Latest News
    • Privacy & Cookies Policies
    • Terms of Use
    • Advertising Terms
    • Issue 81
    • Issue 80
    • Issue 79
    • Issue 78
    • Issue 77
    • Issue 76
    • Issue 75
    • Issue 74
    • Issue 73
    • Issue 72
    • Issue 71
    • Issue 70
    • View All
    • About the Awards
    • Awards Timetable
    • Awards Winners
    • Submit Nominations
    • Testimonials
    • Media Room
    • FAQ
    • Asset Management Awards
    • Brand of the Year Awards
    • Business Awards
    • Cash Management Banking Awards
    • Banking Technology Awards
    • CEO Awards
    • Customer Service Awards
    • CSR Awards
    • Deal of the Year Awards
    • Corporate Governance Awards
    • Corporate Banking Awards
    • Digital Transformation Awards
    • Fintech Awards
    • Education & Training Awards
    • ESG & Sustainability Awards
    • ESG Awards
    • Forex Banking Awards
    • Innovation Awards
    • Insurance & Takaful Awards
    • Investment Banking Awards
    • Investor Relations Awards
    • Leadership Awards
    • Islamic Banking Awards
    • Real Estate Awards
    • Project Finance Awards
    • Process & Product Awards
    • Telecommunication Awards
    • HR & Recruitment Awards
    • Trade Finance Awards
    • The Next 100 Global Awards
    • Wealth Management Awards
    • Travel Awards
    • Years of Excellence Awards
    • Publishing Principles
    • Ownership & Funding
    • Corrections Policy
    • Editorial Code of Ethics
    • Diversity & Inclusion Policy
    • Fact Checking Policy
    Original content: Global Banking and Finance Review - https://www.globalbankingandfinance.com

    A global financial intelligence and recognition platform delivering authoritative insights, data-driven analysis, and institutional benchmarking across Banking, Capital Markets, Investment, Technology, and Financial Infrastructure.

    Copyright © 2010-2026 - All Rights Reserved. | Sitemap | Tags

    Editorial & Advertiser disclosure

    Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

    1. Home
    2. >Technology
    3. >Application Security Testing: 5 Tips to Respond to the Threat Landscape
    Technology

    Application Security Testing: 5 Tips to Respond to the Threat Landscape

    Published by Gbaf News

    Posted on January 28, 2020

    5 min read

    Last updated: January 21, 2026

    Add as preferred source on Google
    An illustration representing mobile application security testing, highlighting key cybersecurity elements. This image aligns with the article's focus on enhancing application security through OWASP guidelines.
    Mobile application security testing concept with cybersecurity elements - Global Banking & Finance Review
    Why waste money on news and opinion when you can access them for free?

    Take advantage of our newsletter subscription and stay informed on the go!

    Subscribe

    By Andriy Lysyuk, Head of Cyber Security at Ciklum

    Smartphones have made our world more mobile, and there’s no sign that this phenomenon is slowing down.

    This radical transformation has changed the way we communicate with one another, stay informed and conduct business. Many people opt to use smartphones as their primary device to help manage their life.

    One of the best resources for identifying mobile security threats is The Open Web Application Security Project (OWASP), especially its Mobile chapter. OWASP is a not-for-profit organization dedicated to improving software security. Supported by an ever-growing community of individuals, corporations, universities and government agencies, OWASP releases software and documentation with a unique focus on making application security transparent and actionable. Organizations that have cited OWASP’s researches include the National Cybersecurity Agency of France, Centre for the Protection of National Infrastructure of Great Britain, and the Defense Information Systems Agency of the United States.

    Periodically, OWASP releases a collection of the most dangerous web application security flaws known as the OWASP Top 10. However, Top10 document is the description of vulnerabilities only at the top of importance rating, in addition, OWASP releases more detailed materials called Testing Guides which describe approaches to the discovery of flaws that become security issues later.

    For mobile app developers, it’s a great resource to become aware of some of the biggest possible flaws in application security. Drawing from the OWASP Top 10, here are five top tips companies should use when testing mobile applications for security:

    Identify leaky development

    The Android and iOS operating systems are built with security in mind, but that doesn’t automatically make the applications developed for those platforms secure. Ultimately, application security depends on a developer’s skill and attention to following best security practices. But the pressures of application development, such as speed to market or developing with a new programming language, can cause developers to overlook critical security issues.

    The proliferation of third-party frameworks, APIs or cross-platform development tools can aggrevate these problems. Software that reduces weeks of development time might be great for quickly releasing a new version of an application, but it also induces developers to assume that these tools are completely secure. For an application communicating directly with a third-party server, these vulnerabilities can be seen, for example, through default administrative interfaces or default content.

    When testing your mobile app, ensure you’ve looked beyond the operating system itself and checked for vulnerabilities in your third-party extensions, development tools and web-based interfaces.

    Cybersecurity Threats & Trends. The Ultimate Guide to Security Testing

    Plug leaky data

    With the European Union’s recent implementation of the General Data Protection Regulation (GDPR), data security isn’t just crucial for user information — it’s also the law. One of the key principles of the GDPR is data protection by design and default, meaning applications must be built from the ground up with data security in mind.

    Unfortunately, insecure data storage can lead to unintended data leakage, posing a great risk to data security. Data leakage can result from vulnerabilities in the operating system, development frameworks or hardware, while insecure data can live in removable storage, cloud storage and any number of logs and databases. An exploited vulnerability could allow attacker to find private user data created by an app stored in a local database file.

    Make sure your mobile app testing takes into account how the OS, APIs and other third-party frameworks collects, cache, log, process and store your application’s data.

    Stop leaky communication

    The beauty of mobile devices is the convenience of being able to communicate with people, products and services all around the globe. For this to even be possible, data has to be transmitted from one point to another, which can happen in any number of ways: over Wi-Fi, Bluetooth, a cellular network, an NFC chip or a physical port.

    The trouble with mobile-to-mobile communications or app-to-server communications is that an insecure connection can lead to data leakage. Whether it’s eavesdropping or a man-in-the-middle attack, intercepted communications pose incredible security risks for app users.

    Avoid insecure communication by operating from the assumption that your network is already insecure. Test to make sure you’re using modern SSL/TLS protocols and trusted certificates, and ensure data isn’t being sent through alternate channels like push notifications or SMS.

    Prevent leaky authentication

    Unlike web applications, mobile applications are not expected to be online all the time due to the unpredictability of wireless connections. This means that for carrying out security authentication, mobile apps may end up storing sensitive login credentials on the local device in order to transmit them to a server as soon as a network connection is present. Local user authentication can lead to vulnerabilities that exploit system weaknesses to share private information with an attacker.

    If your mobile app requires security authentication, make sure to test for weaknesses in the authentication process. Mobile apps should be just as strong as their desktop or web equivalent and should not be able to be authenticated more easily than a web browser. One best practice is to assume client-side authentication can be exploited, so rely on server-side authentication whenever possible.

    Biometric authentication method is gaining traction as it makes people feel much more secure than while typing the password.

    Avoid leaky functionality

    Throughout the development process, hidden dashboards or special environments may be built into an app in order for developers to continue building their apps. These environments may only exist for the sole purpose of testing and are not intended to be released to the public. However, this code needs to live somewhere — and it often resides in the app until development nears a conclusion.

    Before deploying your mobile app, test to ensure there are no hidden switches or configuration settings, excess test code has been removed from the product and API endpoints are properly documented and publicly available.

    More from Technology

    Explore more articles in the Technology category

    Image for Innovation Through Partnership: The Role of External Tech Teams
    Innovation Through Partnership: The Role of External Tech Teams
    Image for Nominations Open for Technology Awards 2026
    Nominations Open for Technology Awards 2026
    Image for Nominations Open for Innovation Awards 2026
    Nominations Open for Innovation Awards 2026
    Image for Archie earns industry recognition across G2, Capterra, and SoftwareReviews
    Archie Earns Industry Recognition Across G2, Capterra, and SoftwareReviews
    Image for The Bankaool Transformation: How a Regional Mexican Bank Became a Fintech Disruptor
    The Bankaool Transformation: How a Regional Mexican Bank Became a FinTech Disruptor
    Image for Submit Your Entry Today for Digital Banking Awards 2026
    Submit Your Entry Today for Digital Banking Awards 2026
    Image for Behavioral AI in Financial Services: Moving Beyond Automation Toward Human Understanding
    Behavioral AI in Financial Services: Moving Beyond Automation Toward Human Understanding
    Image for Submit Your Entry for Brand of the Year Awards Technology Bahrain 2026
    Submit Your Entry for Brand of the Year Awards Technology Bahrain 2026
    Image for Entries Now Open for Best Islamic Open Banking Burkina Faso APIs 2026
    Entries Now Open for Best Islamic Open Banking Burkina Faso APIs 2026
    Image for Entrepreneurial Discipline in the AI Economy: Insights from Dmytro Lavryniuk
    Entrepreneurial Discipline in the AI Economy: Insights From Dmytro Lavryniuk
    Image for Entries Now Open for Best New Digital Wallet Innovation Award 2026
    Entries Now Open for Best New Digital Wallet Innovation Award 2026
    Image for Call for Entries: Best Digital Wallet 2026
    Call for Entries: Best Digital Wallet 2026
    View All Technology Posts
    Previous Technology PostData Breaches – Emerging Trends for Financial Services Firms
    Next Technology PostAI for a New Decade