Details

Autor(en) / Beteiligte

• Borja, Thomás
• Benalcázar, Marco E.
• Valdivieso Caraguay, Ángel Leonardo
• Barona López, Lorena Isabel

Titel

Risk Analysis and Android Application Penetration Testing Based on OWASP 2016

Ist Teil von

• Information Technology and Systems, p.461-478

Ort / Verlag

Cham: Springer International Publishing

Link zum Volltext

Quelle

Alma/SFX Local Collection

Beschreibungen/Notizen

• Mobile Applications have become part of our daily lives so that almost every web or desktop application can be executed from a smartphone, i.e., social networking, Internet shopping, on-line banking, gaming applications, among others. Furthermore, most of the existing mobile applications in digital stores are Android-based applications. Security in these kinds of applications is an issue that must be addressed because they handle sensitive personal information exposed to be exploited or misused by malicious agents. In this context, we have performed a complete security penetration testing on several Android applications following the most common risks according to OWASP mobile 2016 and using different tools such as Drozer, Dex2jar, Android Debug Bridge, among others. We describe the vulnerability, type of attack, application analyzed, and external tools used for each scenario. Once the vulnerabilities are exposed, we show a summary of the performed attacks, a risk analysis, and provide security recommendations for each layout. This work’s novelty is the provisioning of a risk matrix that resumes each attack’s main points and the whole vulnerability analysis in mobile devices, as it does not exist on the official site of OWASP.