With the widespread use of mobile apps, ranging all the way from grocery list planning to private banking, security has come to take a natural place in the app development ecosystem. Different platforms offer different solutions to make the security aspect of your life as an app publisher easier. In this talk we'll take an in-depth look at what tools are actually available, how they differ, and how we should take the differences between our target platforms into account as early as the planning stage. How should issues such as user authentication or encrypted storage be handled to maximize security while still maintaining a coherent software architecture across the targeted platforms?
After identifying the key issues in architecture and development, we'll take a look at security on mobile platforms from a test perspective. Here I'll try to answer 3 questions that are often raised when discussing mobile app testing and security.
1. Are there any differences in how we do software security testing on mobile compared to ordinary desktop or server testing?
2. Does testing differ between mobile platforms too, or is it possible to have a platform-agnostic approach?
3. On what level should testing be done, and how can close collaboration between testers and developers help us focus our often strained test resources on relevant issues?
In the last few years security has taken a more prevalent role in the application development cycle, and as consumer trends transition towards a scenario where mobile devices completely replace traditional PCs, it's more important than ever that we invest in proactive security work and thoroughly test our apps from a security point of view. This talk aims to help app publishers plan their mobile app development security strategy.