Testing to ensure that applications are fully functional and meet core requirements and user expectations has become the bare minimum today. There are many more critical pieces that a quality team and a product team need to verify before sign-off, from both non-functional and compliance standpoints. One such area is app security, or more specifically mobile app security, or more specifically still, security testing for banking apps in the mobile world. A security breach today is a huge adverse hit from varied standpoints: client data, product reputation and oftentimes even legal repercussions.
Now let’s take a practical scenario relevant in today’s context. Most of us are power mobile users: most of our regular transactions, be it ecommerce, banking, or any other domain for that matter, are carried out on mobile phones. Take the scenario of an electricity bill payment. When I pay online, I get several options, including credit and debit cards, net banking, online wallets, universal payment instruments etc. I need not access a banking application directly to carry out a banking transaction. The touch points are several, and most have an integration piece with the banking domain, given how mainstream mobile computing has become.
For testers, here is an overload of critical keywords to take note of in ensuring the test strategy is foolproof: security, mobile, banking. One needs to look at the testing scope for each of these, both independently and interdependently, to deliver a reliable testing effort.
From an independent angle, mobile testing brings its own nuances: workflow rendering on a smaller screen, UI and intuitiveness (especially in banking applications, which are often overloaded with transaction options), and responsive web design across supported devices and operating systems. A banking application has its own business processes and workflows to adhere to, including specifics around usability and accessibility, functional integrations and a seamless end-to-end flow. Core banking trends such as Open Banking, Predictive Banking and Ubiquitous Payments are all becoming more of a norm, and they increasingly showcase the influence of technology in the secure banking apps sector. From a security angle, teams are no longer testing just at the web/UI level. For a long time, the OWASP Top 10 web security vulnerabilities reigned in the industry when it came to security testing. OWASP is a much bigger project today, focusing more deeply on security testing at the database and API levels and promoting secure cross-collaboration and consumption of services. Security testing for banking apps, especially in the mobile domain, has been a critical playing field for projects such as OWASP in defining best practices to guide the testing and engineering fraternities.
In addition to looking at each of these pieces individually, testing efforts are also taken up in a consolidated manner, considering what is relevant when all these pieces come together. A lot of combinatorial testing is also done to ensure that non-functional areas such as security are not an afterthought but are planned early in the development cycle. Teams are also encouraged to think holistically about where all these pieces come together, as one cannot see mobile, security or banking in isolation today. This is a powerful combination that co-exists in almost every digital transaction we make, and it will only become more strongly rooted and serve as the base for more products and scenarios to be built around in the coming years.