SO{U}RCERER: Developer-Driven Security Testing Framework for Android Apps

Abstract: Frequently advised secure development recommendations often fall short in practice for app developers. Tooldriven (e.g., using static analysis tools) approaches lack context and domain-specific requirements of an app being tested. App developers struggle to find an actionable and prioritized list of vulnerabilities from a laundry list of security warnings reported by static analysis tools. Process-driven (e.g., applying threat modeling methods) approaches require substantial resources (e.g., security testing t… Show more