A Framework for Automated Security Testing of Android Applications on the Cloud

Malek, Sam; Esfahani, Naeem; Kacem, Thabet; Mahmood, Riyadh; Mirzaei, Nariman; Stavrou, Angelos

doi:10.1109/sere-c.2012.39

Cited by 8 publications

(1 citation statement)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Static analysis is to detect vulnerabilities in computer software by evaluating its source code without actually executing it [2]. The main static analysis methods are based on rules matching and compiling technology.…”

Section: B Static Nodementioning

confidence: 99%

Vulcloud: Scalable and Hybrid Vulnerability Detection in Cloud Computing

et al. 2013

2013 IEEE Seventh International Conference on Software Security and Reliability Companion

View full text Add to dashboard Cite

Vulnerability exploits will result in security breaches or violations of the system's security policy causing information leakage or economic losses. Although many detection methods such as static analysis, dynamic analysis and fuzz testing have been presented, the vulnerabilities are still difficult to detect. In this paper, we propose a new detection cloud service Vulcloud, which is scalable and hybrid combining the static, dynamic and fuzzing into cloud computing. Vulcloud first statically analyzes the objects and reports the potential vulnerable items. And then, the fuzzing cases for the items are semi-automated created, and tested under the dynamic monitoring. Finally, the source code of the results are statically analyzed again to determine whether they are vulnerabilities or not. The prototype of Vulcloud is implemented, and the performance is evaluated by Mplayer source code. The experiment results show that Vulcloud can detect vulnerabilities in software, and the challenges of storage and processing capabilities are resolved by cloud computing.

show abstract

Section: B Static Nodementioning

confidence: 99%

Vulcloud: Scalable and Hybrid Vulnerability Detection in Cloud Computing

et al. 2013

2013 IEEE Seventh International Conference on Software Security and Reliability Companion

View full text Add to dashboard Cite

show abstract

Features of software testing in the development of geographic information systems

Galimova

2020

E3S Web Conf.

View full text Add to dashboard Cite

In this article, the method of selecting a method of testing geographic information systems is proposed. Nowadays, thanks to advances in information technology new methods of data exchange, positioning technologies, improvements in spatial databases, there has been a significant leap in development of geographic information system. When choosing a testing method, it is recommended to take into account not only the financial component, but also the specific characteristics of the tested software system. A list of questions is developed by which qualitative properties of software systems are formalized. The list of questions is based on the ISO/IEC 25010:2011 model. The relevance of this work follows from the fact that new technologies of software development require new approaches to testing software systems. Properly developed testing technique improves the quality of geographic information systems created. Improving quality increases the competitiveness and demand of software products.

show abstract

Penetration Frameworks and Development Issues in Secure Mobile Application Development: A Systematic Literature Review

Haq

Khan

2021

IEEE Access

View full text Add to dashboard Cite

The invention of smartphones has opened a new market for mobile application development. Amateur android app developers often do not possess knowledge of the latest android vulnerabilities and thus create applications with attack surface that hackers exploit. In this literature review, many available frameworks and techniques have been analyzed using ISO/IEC 25010 software quality model and identified challenges that android developers face in designing a secure application for android. This paper also presents a comprehensive survey of different penetration tools, evaluated by using criteria such as code analysis, code review, vulnerability analysis, vulnerability exploit, payload and whether these can be used in vulnerability modeling during the design phase. Our study effectively identifies the issues and gaps which can further help develop a framework/tool for designing a penetration secure mobile application by embedding all the vulnerabilities during the design phase using an android vulnerability repository.

show abstract

A Framework for Automated Security Testing of Android Applications on the Cloud

Cited by 8 publications

References 0 publications

Vulcloud: Scalable and Hybrid Vulnerability Detection in Cloud Computing

Vulcloud: Scalable and Hybrid Vulnerability Detection in Cloud Computing

Features of software testing in the development of geographic information systems

Penetration Frameworks and Development Issues in Secure Mobile Application Development: A Systematic Literature Review

Contact Info

Product

Resources

About