    Mobile Application Security Platforms Survey

    Nowadays, smartphones and other mobile devices have become incredibly important in every aspect of our lives, because they offer practically the same capabilities as desktop workstations and have become powerful in terms of CPU (Central Processing Unit), storage and the ability to install numerous applications. Security is therefore considered an important factor in wireless communication technologies, particularly in wireless ad-hoc networks and mobile operating systems. Moreover, as the range of mobile applications across a variety of platforms increases, security is regarded as one of the most valuable and considerable debates in terms of issues, trust, reliability and accuracy. This paper aims to introduce a consolidated report on thriving security on mobile application platforms and to provide knowledge of vital threats to users and enterprises. Furthermore, various techniques and methods for security measurement, analysis and prioritization on the leading mobile platforms are presented. Additionally, the paper increases understanding and awareness of security on mobile application platforms with respect to the detection, forensics and countermeasures used by the operating systems. Finally, this study also discusses security extensions for popular mobile platforms and surveys recent research in the area of mobile platform security.

    DroidNet: An Android Application Security Framework through Crowdsourcing

    In the current Android architecture, users have to decide by themselves whether an app is safe to use or not. Savvy users can make correct decisions to avoid unnecessary privacy breaches; however, most users are not capable of, or do not care about, making impactful decisions. To assist those users, we propose DroidNet, an Android permission control framework based on crowdsourcing. In this framework, DroidNet initially runs new apps and their permissions, and then collects data based on each individual user's settings with regard to each permission unique to every installed app. After collecting each user's data, DroidNet provides recommendations on whether to accept or reject the permission requests based on decisions from peer expert users. To seek expert users, we utilize an expertise ranking algorithm using a transitional Bayesian inference model. The recommendation for each application permission is based on the aggregated expert responses and our generated confidence level, which are collectively stored and sorted in our DroidNet database. The overall culmination of the model is the creation of a real-time Android application which utilizes our Bayesian inference model and aggregates data from each individual user, all of which is connected to our DroidNet database.

    Building in web application security at the requirements stage: a tool for visualizing and evaluating security trade-offs: a thesis presented in partial fulfilment of the requirements for the degree of Master of Information Science in Information Systems at Massey University, Albany, New Zealand

    One dimension of Internet security is web application security. The purpose of this design-science study was to design, build and evaluate a computer-based tool to support security vulnerability and risk assessment in the early stages of web application design. The tool facilitates risk assessment by managers and helps developers to model security requirements using an interactive tree diagram. The tool calculates residual risk for each component of a web application and for the application overall, so developers are provided with better information for making decisions about which countermeasures to implement given limited resources for doing so. The tool supports taking a proactive approach to building in web application security at the requirements stage, as opposed to the more common reactive approach of putting countermeasures in place after an attack and loss have been incurred. The primary contribution of the proposed tool is its ability to make known security-related information (e.g. known vulnerabilities, attacks and countermeasures) more accessible to developers who are not security experts and to translate a lack of security measures into an understandable measure of relative residual risk. The latter is useful for managers who need to prioritize security spending. Keywords: web application security, security requirements modelling, attack trees, threat trees, risk assessment

    APPLICATION SECURITY TESTING

    This report describes the work that was done throughout the internship at VOID software to finish the Master's degree in Cybersecurity and Digital Forensics. During this internship two main projects were implemented: the first concerned the development of a new Graphical User Interface for the Wazuh system and the modification of its architecture by replacing the components that belong to the Elastic stack; the second was related to setting up the Wazuh system within the VOID headquarters to monitor some of the servers which are used for the projects in development. The main goals of these projects were to learn about the Wazuh system, develop a Graphical User Interface for this system, and set up and use the Wazuh system to monitor hosts that belong to the organisation. By the end of this internship a Graphical User Interface (GUI) was developed and the Wazuh system was deployed and is currently working within the VOID organisation.

    The approaches to quantify web application security scanners quality: A review

    A web application security scanner is a computer program that assesses web application security using penetration testing techniques. The benefit of automated web application penetration testing is huge: a web application security scanner not only reduces the time, cost and resources required for web application penetration testing but also eliminates the test engineer's reliance on human knowledge. Nevertheless, web application security scanners suffer from low test coverage and generate inaccurate test results. Consequently, experiments are frequently conducted to quantitatively measure web application security scanner quality and to investigate the scanners' strengths and limitations. However, neither a standard methodology nor a standard criterion is available for quantifying web application security scanner quality. Hence, this paper conducts a systematic review and analyses the methodologies and criteria used for quantifying web application security scanner quality. In this survey, the experimental methodologies and criteria that have been used to quantify web application security scanner quality are classified and reviewed using the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) protocol. The objectives are to provide practitioners with an understanding of the methodologies and criteria available for measuring web application security scanners' test coverage, attack coverage and vulnerability detection rate, and to provide critical hints for the development of the next testing framework, model, methodology or criterion for measuring web application security scanner quality.

    Website Application Security Scanner Using Local File Inclusion and Remote File Inclusion

    Today many web-based applications are developed to be accessible via the internet. A problem that often occurs is vulnerabilities in web applications. Many application developers ignore security issues when developing applications, which can cause substantial losses if a hacker manages to gain access to the system. A hacker can replace web pages, obtain sensitive information, or even take over control of the website. For that reason there is a need for applications that can help developers overcome these problems. This application is expected to detect the vulnerabilities that exist on a website. The process includes: crawling to collect all links from the target website; an attacking process that tests the attacks; and finally displaying a report of the security holes on the website. This application is developed using Microsoft Visual C# 2010. Based on the results of tests made on this application, it can be concluded that the application can detect vulnerabilities in the website and report every link that has a security hole on the website.

    Machine Learning in Application Security

    The security threat landscape has transformed drastically over time. From viruses, trojans and Denial of Service (DoS) to the newborn malicious family of ransomware, phishing, distributed DoS, and so on, there is no stoppage. This phenomenal transformation has led attackers to adopt a new strategy in their attack vector methodology, making it more targeted: a direct aim towards the weakest link in the security chain, namely humans. When we talk about humans, the first thing that comes to an attacker's mind is applications. Traditional signature-based techniques are inadequate for the rising attacks and threats that are evolving in the application layer. They serve as good defences for protecting organisations from perimeter- and endpoint-driven attacks, but what needs to be focused on and analysed is right at the application layer, where such defences fail. Protecting web applications has its unique challenges in identifying malicious user behavioural patterns before they are converted into a compromise. Thus, there is a need to look at a dynamic and signature-independent model for identifying such malicious usage patterns within applications. In this chapter, the authors explain the technical aspects of integrating machine learning within applications to detect malicious user behavioural patterns.

    Android Application Security Scanning Process

    This chapter presents the security scanning process for Android applications. The aim is to guide researchers and developers to the core phases/steps required to analyze Android applications, check their trustworthiness, and protect Android users and their devices from being victims to different malware attacks. The scanning process is comprehensive, explaining the main phases and how they are conducted including (a) the download of the apps themselves; (b) Android application package (APK) reverse engineering; (c) app feature extraction, considering both static and dynamic analysis; (d) dataset creation and/or utilization; and (e) data analysis and data mining that result in producing detection systems, classification systems, and ranking systems. Furthermore, this chapter highlights the app features, evaluation metrics, mechanisms and tools, and datasets that are frequently used during the app’s security scanning process

    Database and database application security

    This paper focuses on the emerging importance of database and application security, on textbooks and other supplementary materials for teaching these topics, and on where to place these topics in a curriculum. The paper emphasizes 1) the growing concerns about database technologies and database applications, 2) existing books and supporting materials, and 3) Zayed University's approach to teaching these topics. At Zayed, we incorporate database and database application security in two different courses. © 2009 ACM