1 vote
You are preparing for a review of a mobile application that will allow users to transfer money between bank accounts from different banks. Security is a concern with this application and the previous version of this application had numerous security vulnerabilities (some of which were found by hackers). It is very important that this doesn't happen again.

Given this information, what type of review technique would be most appropriate?
A. Ad hoc
B. Role-based
C. Checklist-based
D. Scenario

1 Answer

6 votes

Final answer:

The most appropriate review technique for a mobile application with previous security vulnerabilities is a Checklist-based review, as it provides a structured way to examine security criteria and prevent oversights. Additional scenario and role-based reviews can further strengthen security.

Step-by-step explanation:

Given the context of security concerns for a mobile application that enables users to transfer money between different bank accounts, the most appropriate review technique would be C. Checklist-based review. This approach involves a structured examination of the application against a predefined list of security criteria, ensuring that common and known vulnerabilities are scrutinized, and thereby mitigating the risk of security breaches. Checklist-based reviews can help systematize the evaluation process and ensure that important security aspects are not overlooked in the review process.

To further bolster security, you may also consider implementing other review techniques such as scenario testing, which focuses on how the application behaves under simulated real-world conditions. An additional layer of review could include a role-based review which examines the application's security from the perspective of different user roles and the corresponding levels of access control.

by User Diogobernardino (7.8k points)