Risk Analysis and Android Application Penetration Testing Based on OWASP 2016
Is part of
Information Technology and Systems, p.461-478
Place / Publisher
Cham: Springer International Publishing
Source
Alma/SFX Local Collection
Descriptions/Notes
Mobile applications have become part of our daily lives so that almost every web or desktop application can be executed from a smartphone, i.e., social networking, Internet shopping, on-line banking, gaming applications, among others. Furthermore, most of the existing mobile applications in digital stores are Android-based applications. Security in these kinds of applications is an issue that must be addressed because they handle sensitive personal information exposed to be exploited or misused by malicious agents. In this context, we have performed complete security penetration testing on several Android applications following the most common risks according to OWASP mobile 2016 and using different tools such as Drozer, Dex2jar, Android Debug Bridge, among others. We describe the vulnerability, type of attack, application analyzed, and external tools used for each scenario. Once the vulnerabilities are exposed, we show a summary of the performed attacks, a risk analysis, and provide security recommendations for each layout. This work’s novelty is the provisioning of a risk matrix that summarizes each attack’s main points and the whole vulnerability analysis in mobile devices, as it does not exist on the official site of OWASP.