Mobile Application Design and Development Process

Mobile Application Design and Development

We pride ourselves in offering world class mobile application development on your terms. As part of the hiring process, our mobile developers are put through a series of practical tests and a rigorous interview process. Successful candidates demonstrate a strong passion for software development and a superior skill set. Developers work in teams with back-end developers as well as UI architects. This creates a productive environment where creativity is encouraged and the same vision is shared. Each team has a product manager who assigns roles and supervises development. The product manager focuses on ensuring an optimal development process to achieve the project goals. This means supervising the successful design, development, testing and deployment of the product.

Design

Initial Consultation - During the initial consultation we meet with our clients to discuss the project at hand. Often, our clients are unfamiliar with application capabilities and thus are unaware of features they can offer their customers. Our expertise allows us to discuss and share ideas in order to arrive at a final product that provides value to their users and exceeds their expectations. Our discussion at this stage includes desired functionality, target audience, and desired platforms of deployment.

Proposal - After the initial consultation, a proposal is drafted and submitted to our client for review. The proposal includes a full list of functionality, target platforms and devices, the full scope of work to be done, cost, and an approximate timeline.

Project Team Meeting - Once the project is approved, a project manager is assigned. The project team meeting consists of the project manager sharing the idea with the UI architects, the mobile and back-end developers, and a security consultant when necessary. The idea is discussed by all to ensure everyone has a clear role and that areas of development are prioritized. This includes all areas of development: user interface design, functionality implementation, overcoming possible roadblocks, and security requirements. The unrestricted flow of ideas culminates in all team members sharing the same vision, which is necessary for optimal development. Developers will suggest incorporating the required technologies and sensors to deliver an application which keeps users engaged. The security expert will share his views on the security requirements and propose ways to implement them in the design without interfering with the user experience. By incorporating security as part of the application design rather than imposing it after development, the resulting applications are both appealing and secure.

Wireframe - The wireframe will show the proposed application flow, along with suggestions made during the team meeting. This document will discuss specific features, animations, information shared, and a preview of the application's user interface. The wireframe will be submitted to the client for review and feedback, and adjusted as needed.

UI Design - Development begins. The first stage of development will usually be the user interface. The user interface is what the users will see and interact with, and is therefore considered one of the most important aspects of the application. The design of the user interface will include custom animations and the complete application flow from beginning to end. The developers will work closely with the UI architects to come up with an appealing, innovative and interactive design to keep users engaged with the application. Factors to be taken into account include the ease of performing functions such as logging in and accessing information, and displaying that information in a way that keeps users engaged.

Designers and developers work together to deliver custom and attractive user interfaces, avoiding applications like the one shown on the right.

UI Submission - At this stage the UI will be submitted to the client for review. The application will be distributed through TestFlight for iOS and TestFairy for Android users. A complete list of functionality will also be provided. A meeting will be set up with the client in order to explain the application and receive feedback. The final product will appear as it does at this stage of development. Mock data will also be included where necessary. For example, if the application requests server information, a server will be set up with mock data to show the full functionality of the application.

Logic Design and Implementation - This is arguably the most important part of the user experience. The application's logic is the application's brain. The logic design includes the creation and incorporation of all necessary algorithms, including those required for hardware sensors, battery optimization strategies, server communication, and localized data processing and storage. The main focus is optimization and user experience, achieved by carefully monitoring areas such as memory usage, network request handlers, and transition performance, amongst others. Native development is preferred because of both the performance and the security advantages it offers over multi-platform development. Native code development provides a greater degree of control over the application's functionality, resulting in a much better user experience. During this stage, the designers will work closely with security staff as well as back-end developers to ensure optimal development.

Testing

Our applications go through rigorous testing before they are delivered to the client. The testing is done concurrently with logic design as well as after the final product is delivered by the developers. The testing is done on the most commonly used devices for the target platform. These include the iPhone 4s and above, iPad, iPad Air, iPad 2, Samsung Galaxy, Galaxy Note, Galaxy Tablet, Nexus 6, Nexus tablet, LG G3, HTC One, and more. The testing is divided amongst the following areas:

Performance Testing - The applications are first run through various software tools to monitor what is happening under the hood. Even if the user interface is responding as expected, it does not mean everything is working. Memory management is a crucial part of development and something that is often overlooked. Issues with memory management will cause the operating system to close the application without any notice to the user, which is most commonly seen as a crash. The application is submitted to stress testing, where the application is used repeatedly over a long period of time, much longer than what is expected from a user. This testing pushes the limits of the application and allows us to ensure top performance.

Network Testing - Most applications produced today have a necessary back-end component. Communication with these systems is a vital part of the application flow and the user experience. However, network connection errors occur from time to time. It is the developer's job to account for these instances and handle the errors accordingly. Common errors seen during this testing phase are improper handling of network requests, seen by users as freezing, and failure to keep the user informed. It is critical to keep the user properly informed. The example on the left not only leaves the user confused, but provides an attacker with information about how the application works, including the information shared and the services used.
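The two failure modes named above, a request that freezes the UI and an error dialog that echoes back-end internals to the screen, both come down to how the client maps raw errors into UI states. The following is an added example, not code from the original document or from the company it describes; the function names, the exception classes and the sample error bodies are constructed for illustration. Every exception path ends in a short, retryable-or-not message for the user, while the full detail (stack traces, service names, SQL fragments) is written only to the developer log under a reference id the user can quote to support.

```python
# Added example: mapping raw network failures to user-facing states without
# leaking back-end detail. Helper names and sample errors are constructed here.
import logging
import socket
import uuid
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

log = logging.getLogger("network")


@dataclass
class UserFacingError:
    message: str     # safe text shown in the UI
    retryable: bool  # whether the UI should offer a "Try again" action
    reference: str   # short id the user can quote; the detail lives in the log


class BackendError(Exception):
    """Raised when the back-end answers with an error status (constructed type)."""

    def __init__(self, status: int, body: str):
        super().__init__(f"HTTP {status}")
        self.status = status
        self.body = body


def present_network_error(exc: Exception) -> UserFacingError:
    """Map a raw exception to something the UI may show.

    Server-provided text never reaches the screen: it is logged under a
    reference id, so the user stays informed and an attacker learns nothing
    about the services behind the app.
    """
    ref = uuid.uuid4().hex[:8]
    # TimeoutError is a subclass of OSError, so it must be tested first.
    if isinstance(exc, (socket.timeout, TimeoutError)):
        log.warning("[%s] request timed out: %r", ref, exc)
        return UserFacingError("The server is taking too long to respond. Please try again.", True, ref)
    if isinstance(exc, OSError):  # ConnectionError, socket.gaierror, ...
        log.warning("[%s] no connectivity: %r", ref, exc)
        return UserFacingError("You appear to be offline. Check your connection and try again.", True, ref)
    if isinstance(exc, BackendError):
        # Full body goes to the developer log only (truncated to bound log size).
        log.error("[%s] backend returned %d: %s", ref, exc.status, exc.body[:500])
        if 500 <= exc.status < 600:
            return UserFacingError("Something went wrong on our side. Please try again later.", True, ref)
        if exc.status in (401, 403):
            return UserFacingError("Your session has expired. Please sign in again.", False, ref)
        return UserFacingError("We couldn't complete that request.", False, ref)
    log.error("[%s] unexpected error", ref, exc_info=exc)
    return UserFacingError("An unexpected error occurred.", False, ref)


def run_request(call: Callable[[], str]) -> Tuple[Optional[str], Optional[UserFacingError]]:
    """Run one network call and always return a UI state: (data, None) on
    success, (None, error) otherwise. The transport behind `call` must itself
    carry a timeout (e.g. urllib.request.urlopen(url, timeout=10)); otherwise
    a stalled socket is exactly the "freeze" testers report.
    """
    try:
        return call(), None
    except Exception as exc:  # noqa: BLE001 - every failure must become a UI state
        return None, present_network_error(exc)


if __name__ == "__main__":
    # Constructed failure: a 500 whose body carries a stack trace and a query.
    leaked = BackendError(500, "Traceback ... psycopg2 error at db-internal-01: SELECT * FROM users")
    _, err = run_request(lambda: (_ for _ in ()).throw(leaked))
    print(err.message, "| ref:", err.reference)
```

The point of `run_request` is that no code path is allowed to escape without producing a `UserFacingError`, and the point of `present_network_error` is that the only server-controlled value that influences the message is the HTTP status code, never the body.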
Hardware Testing - During this stage, the applications are loaded onto devices for the appropriate platforms and tested. Sensors such as GPS (for accuracy), Bluetooth beacons, cameras, and more are tested. Battery and data consumption are also monitored, and logs are kept throughout the testing process to be analyzed. The application is also used in ways it was not designed for, and submitted to additional stress testing. The goal is to cover all possible angles of how a user could interact with the application, to discover previously unknown bugs and/or issues. A common error seen in this area of testing is using the application in a perfect environment: testing on devices that have the latest hardware, with no other applications running in the background, and with the fastest connection always available. This scenario is idealistic and often not the case once applications are deployed. This is why we run applications on systems where the device is stressed by other applications, on older versions of the operating system, on older devices, as well as with different network connection settings where appropriate.

Reporting

After testing is complete, a report is drafted by our testers outlining possible issues as well as the circumstances which led to the errors. The developers correct the reported issues and the application is put through the testing procedure again until no issues are found.

Security

Before any application is released, a security audit is done on the application and the back-end services. The scope of the audit will vary depending on the type of application being developed. During the vulnerability assessment phase, possible points of compromise are identified through code review of both the application's logic and the back-end servers, including services and operating system. The vulnerability assessment is sent to our developers in order to fix the problems identified. Depending on the type of application being developed and the severity of the vulnerabilities identified, a penetration test may be done wherein exploitation of the identified vulnerabilities is attempted.
Code Analysis / Vulnerability Assessment - During this phase, the code is reviewed by our security specialists. Depending on the application, the common areas of focus vary, but they include handling of login credentials and secure storage, hashing functions, salting mechanisms, encryption and decryption protocols, secure key storage, forms submitted to the server, ASLR implementation, jailbreak checks, kill-switch integration, session token storage and expiry, proper implementation of HTTPS including certificate authority and expiry checks, and handling of sensitive information, amongst others. In addition to these, the server services are checked for the vulnerabilities outlined in OWASP's Top 10. These include cross-site scripting attacks, SQL injection, remote file inclusion, sensitive data exposure, cross-site request forgery attacks, and more. The vulnerability assessment includes manual and automated techniques in order to provide the most comprehensive list to our developers.

Penetration Testing (Mobile/Server) - The penetration test is reserved for those applications that require the highest levels of security. Our pen testers will try to exploit the vulnerabilities identified during the previous phase using physical attacks as well as attacks over the network. The server-side attacks will be performed on the modifications made by Acumen during development, and in a controlled manner. These tests are done manually by our skilled staff with over 10 years of experience in the mobile development and security fields. For more information about our penetration testing procedures please refer to our Security documentation.

Product Delivery

Once the application has gone through the various stages of testing and the product is deemed complete, it will be submitted for final review by our client. If approved, and when necessary, the project will be submitted for approval by the iOS App Store, Google Play, and any other stores requested. The applications are usually available for download within 2 weeks after submission, depending on the platform.
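Two items from the code-analysis checklist above, hashing and salting of login credentials and session-token storage and expiry, are the ones most often found wrong in back-end review. The following is an added example written for this page, not code from the original document or from the company it describes; it uses only the Python standard library, and the function names, the iteration count and the token lifetime are this example's own choices. `weak_hash` shows the pattern a reviewer flags (fast, unsalted, identical digests for identical passwords); `hash_password`/`verify_password` show the salted, slow, constant-time-compared replacement, and `SessionStore` shows tokens drawn from the OS CSPRNG that stop resolving once their expiry passes.

```python
# Added example: salted password hashing and expiring session tokens, server
# side. Constants and names are chosen for this illustration, not taken from
# the original document.
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

PBKDF2_ITERATIONS = 600_000   # work factor for this example; tune to your hardware
SALT_BYTES = 16
SESSION_TTL_SECONDS = 15 * 60


def weak_hash(password: str) -> str:
    """What a code review flags: a fast, unsalted digest. Two users with the
    same password get the same value, and precomputed tables apply."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'.
    A fresh random salt per user defeats table attacks and makes equal
    passwords produce different stored values."""
    salt = salt if salt is not None else secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in
    constant time so timing does not reveal how many bytes matched."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


@dataclass
class Session:
    token: str
    user: str
    expires_at: float


class SessionStore:
    """In-memory token store; the clock is injectable so expiry is testable."""

    def __init__(self, ttl_seconds: float = SESSION_TTL_SECONDS,
                 clock: Callable[[], float] = time.time):
        self._ttl = ttl_seconds
        self._clock = clock
        self._sessions: Dict[str, Session] = {}

    def issue(self, user: str) -> str:
        # 32 random bytes from the OS CSPRNG: not a counter, not a hash of the user name.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(token, user, self._clock() + self._ttl)
        return token

    def resolve(self, token: str) -> Optional[str]:
        """Return the user for a live token. Expired tokens are removed and
        treated exactly like unknown ones."""
        session = self._sessions.get(token)
        if session is None:
            return None
        if self._clock() >= session.expires_at:
            del self._sessions[token]
            return None
        return session.user

    def revoke(self, token: str) -> None:
        self._sessions.pop(token, None)


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print("verify ok:", verify_password("correct horse battery staple", stored))
    store = SessionStore(ttl_seconds=60)
    tok = store.issue("alice")
    print("resolves to:", store.resolve(tok))
```

The stored string carries its own algorithm and iteration count, so the work factor can be raised later and old records re-hashed on the user's next successful login without a migration; the session store rejects a token the instant its expiry is reached rather than relying on a background sweep.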