Introduction
Since their launch in 2017, WeChat Mini Programs have achieved rapid user growth thanks to their open and convenient product features. With the digital transformation of the financial industry and the rise of mobile network services in recent years, Mini Programs have become one of the important carriers for serving users in banking, insurance, securities trading and other financial scenarios.
Application of Mini Programs in the Financial Field:
1. Fast and convenient, lowering the threshold for users to handle related business;
2. Connect online and offline service scenarios and build a closed loop of scenarios;
3. Improve offline service efficiency and help acquire new customers online;
4. Integrate traffic portals and build a financial ecosystem.
Because financial services are highly sensitive and transactional, and because mobile devices are complex and carry security risks, the industry and its users have set higher quality and security requirements for financial mobile products. Based on years of experience in quality assurance for Mini Programs, Tencent WeTest has recently launched a new special program for Mini Program quality. It combines compatibility testing, server performance testing, security testing and other services to comprehensively improve the stability and security protection capabilities of financial products and to support the digital construction of the financial industry.
01
Risks faced by financial mini-programs
Although WeChat Mini Programs have built-in security protection capabilities, the risk factors they face have gradually increased because of improper development, lack of in-depth testing, and attacks from the black and gray markets. At the same time, the sensitivity of the industry and its large user base bring more severe challenges to financial mini-programs.
Performance quality issues:
The financial industry serves a huge user group, and the mobile device models and operating systems it has to support are complex. Once quality problems such as compatibility exceptions, server unresponsiveness, or loading freezes occur while a Mini Program is in use, they directly affect user retention and conversion.
Security Risk:
Unprotected mini-programs can easily become the target of criminals. Black-market operators can use illegitimate means such as machine registration, batch login, and fake devices to abuse promotions, which greatly reduces the marketing and traffic-acquisition effect for financial customers; 50%-80% of marketing dollars may be wasted as a result. In addition, core code can be stolen through reverse engineering and used for counterfeiting, and malicious code such as advertising plug-ins can be implanted, resulting in a large number of copycat mini-programs and a serious impact on the brand image.
In addition to the above risks, the biggest risk faced by financial mini-programs lies in the data involved in the interaction between the mini-program and financial customer data: a large amount of user privacy information, massive real data such as internal corporate data, and core data such as user privacy. If this data is crawled and used for other purposes, it will bring economic losses and public opinion risks, and may even have an irreversible impact on the corporate image.
02
Tencent WeTest Mini Program Quality Solution
The Tencent WeTest security service team conducted a security diagnosis on nearly ten financial mini-programs last year and found that they generally carry the risk that their code can be reverse-analyzed and exploited. Some of them also have encryption key/token leakage risks and user information security issues.
In response to these problems in the financial industry, Tencent WeTest provides one-stop special quality solutions based on industry needs, such as expert compatibility testing, server performance testing, and mini-program security, together with periodic quality assurance services.
Mini-program compatibility:
Tencent WeTest test experts provide a customized mini-program compatibility testing service. Tests are performed manually and strictly follow the Tencent standard test process. They cover the common device models on the market with concurrent testing, cover typical scenarios such as abnormal interruption and sharing according to the characteristics of financial mini-programs, and record specific data such as JS errors and first-screen loading to reproduce the compatibility and performance problems that real users may encounter. The service improves the quality of financial mini-program products according to industry requirements and ensures the stable operation of the business system.
Mini-program stress testing:
Mini-program stress testing gives effective insight into interfaces under load. It provides millions of concurrent, distributed load sources, supports building single-scenario and mixed-scenario stress tests, helps evaluate the financial system's ability to support peak user traffic, analyzes potential performance bottleneck scenarios in the system, and provides optimization.
Mini Program Security:
This integrates services such as mini-program security scanning, mini-program penetration testing, and mini-program security hardening. It digs deep into security issues, provides comprehensive coverage, and performs well in security architecture capabilities.
Automated security scans to quickly troubleshoot risks:
Tencent WeTest mini-program security scanning covers front-end code security and API usage specifications, as well as risk testing of business CGI and web frameworks, including mainstream web attack methods such as SQL injection, XSS (cross-site scripting), directory traversal, and information leakage.
Penetration testing discloses security risks in advance:
Tencent WeTest provides penetration testing specifically for mini-programs. Building on a thorough understanding of the WeChat Mini Program system architecture, it uses exclusive self-developed test attacks against the WeChat Native layer and the V8 scripting engine, in the form of a simulated hacker attack, to fully detect in advance security risks such as business data leakage, currency theft, asset damage, and data tampering.
Code security hardening reduces reverse risk:
Tencent WeTest mini-program hardening encrypts the front-end code of the mini-program without changing the source code. The code (path or file) only needs to be passed to the encryption tool, which applies string encryption, attribute encryption, call conversion, code obfuscation and many other protection measures to make it harder for attackers to analyze the logic of the H5 front-end code.
Epilogue
Due to the particularity of the industry, the development of bank mini-programs still has a long way to go, especially as the global financial industry faces the challenges of the economic cycle, the industry cycle and the technology cycle, and changes are taking place. As a new decentralized application model in the mature stage of mobile Internet development, mini-programs have created more possibilities for financial enterprises to connect with users.
Tencent WeTest, as an industry-leading quality cloud service provider, will continue to develop mini-program service scenarios in the future, providing enterprise users with a multi-faceted, integrated mini-program quality service system covering security diagnosis, performance stress testing, and exception monitoring, and laying a solid infrastructure foundation for mini-program scenarios to help brands build and grow their traffic.
If you have business needs, you are welcome to contact us.
About Tencent WeTest
Tencent WeTest is a one-stop quality open platform officially launched by Tencent. With more than ten years of experience in quality management, we are committed to building quality standards and improving product quality. Tencent WeTest provides mobile developers with excellent R&D tools such as compatibility testing, cloud real devices, performance testing, and security protection, provides solutions for more than 100 industries, covers the testing needs of products at every stage of R&D and operation, and has been put to use on thousands of products. Our gold-medal expert team guarantees your product quality in 360 degrees through 5 major dimensions and 41 indicators.