An Approach to Security Testing in Android Applications
Abstract
Like any other software, applications for the Android operating system can contain compromising vulnerabilities, such as those listed in the OWASP Mobile Top 10. Despite the efforts of security professionals, standardized documentation of the techniques used is still hard to find, so software testers struggle to reproduce them. For this reason, a security testing methodology with a formal basis is needed; this article adopts IEEE 829 for that purpose, together with the OWASP verification guides MASVS and MASTG. The tests focus on the static and dynamic contexts in which these vulnerabilities are checked for. The analysis of each vulnerability showed that a large share of them stem from bad programming practices, which can be corrected by following the recommendations of an OWASP guide dedicated to secure coding practices (the OWASP Cheat Sheet Series).
References
Aljabri, M., Aldossary, M., Al-Homeed, N., Alhetelah, B., Althubiany, M., Alotaibi, O., and Alsaqer, S. (2022). Testing and exploiting tools to improve OWASP Top Ten security vulnerabilities detection. In 2022 14th International Conference on Computational Intelligence and Communication Networks (CICN), pages 797–803. IEEE.
Grossman, J., Eng, C., Spitler, R., and Wood, M. (2009). Static dynamic analysis for web applications. [link].
IEEE (2008). IEEE standard for software test documentation. IEEE 829:2008.
Kohli, N. and Mohaghegh, M. (2020). Security testing of Android-based COVID tracer applications. In 2020 IEEE Asia-Pacific Conference on Computer Science and Data Engineering (CSDE), pages 1–6. IEEE.
Manico, J. et al. (2023). OWASP Cheat Sheet Series. [link]. Accessed: 2023-06-21.
OWASP (2022). OWASP Mobile Application Security Testing Guide (MASTG). [link]. Accessed: 2023-06-21.
OWASP (2023). OWASP Mobile Application Security Verification Standard (MASVS). [link]. Accessed: 2023-06-21.
Priambodo, D. F., Ajie, G. S., Rahman, H. A., Nugraha, A. C. F., Rachmawati, A., and Avianti, M. R. (2022). Mobile health application security assessment based on OWASP Top 10 mobile vulnerabilities. In 2022 International Conference on Information Technology Systems and Innovation (ICITSI), pages 25–29. IEEE.
Silva, L. O. (2022). Testes de segurança em aplicações Android baseados na metodologia OWASP. Repositório Institucional da Universidade Federal do Ceará - UFC.
