Is there any tool to test the security of an ionic app?


#1

I need to test my app with any tool like JMeter to simulate a stress test or Vega to test security on my app. I heard about Toxy.JS, but I can't find any good tutorial showing how to use it. Can anyone help me with this? Thanks in advance.


#2

It’s a web app. The enemy can see everything.


#3

Yep, I know, but I'm trying to find a specific tool to test Ionic apps and report a test status. So, can I use JMeter to do this? How? I configured my smartphone with JMeter last night, and while recording, JMeter can't capture all processes when I use the app…


#4

You can use the Angular CLI to test your App in a browser (using Jasmine, Karma and Protractor + test coverage via Istanbul).


#5

Thanks @robinyo, but I need to test the security and stability, not unit tests or E2E. I have done that. My problem actually is testing the vulnerability of the app, like SQL injection, XSS, etc. I use Firebase and have not found a good approach to do this.


#6

“New technology always introduces new security risks, and mobile computing is no exception. Security concerns for mobile apps differ from traditional desktop software in some important ways. Modern mobile operating systems are arguably more secure than traditional desktop operating systems, but problems can still appear when we don’t carefully consider security during mobile app development. Data storage, inter-app communication, proper usage of cryptographic APIs, and secure network communication are only some of these considerations.”

Check the Mobile Security Testing Resources section in: https://robferguson.org/blog/2017/11/28/testing-your-ionic-3-app/


#7

Using JMeter on an app is not a useful idea. You can test your API endpoints with JMeter and create traffic similar to what many users of your app would create, but that is a different thing.


#8

Thanks again, I keep searching for a proper tool to do this. One friend has tested with toxyn… I'll go try this. Cheers.


#9

See: https://github.com/OWASP/owasp-mstg/blob/master/Document/0x08-Testing-Tools.md


#10

Can you provide a link? Googling didn’t return useful results.


#11

So, I didn't manage to test my app with Toxyn, so I use Protractor and Jasmine for E2E tests only.


#12

Thanks @robinyo, awesome link!