A Suggested Model for Mobile Application Penetration Test Framework

2021 International Conference on Information Security and Cryptology (ISCTURKEY) Pub Date : 2021-12-02 DOI:10.1109/ISCTURKEY53027.2021.9654417

Berkecan Özgür, I. Dogru, Goksel Uctu, Mustafa Alkan

{"title":"A Suggested Model for Mobile Application Penetration Test Framework","authors":"Berkecan Özgür, I. Dogru, Goksel Uctu, Mustafa Alkan","doi":"10.1109/ISCTURKEY53027.2021.9654417","DOIUrl":null,"url":null,"abstract":"Along with technological developments in the mobile environment, mobile devices are used in many areas like banking, social media and communication. The common characteristic of applications in these fields is that they contain personal or financial information of users. These types of applications are developed for Android or IOS operating systems and have become the target of attackers. To detect weakness, security analysts, perform mobile penetration tests using security analysis tools. These analysis tools have advantages and disadvantages to each other. Some tools can prioritize static or dynamic analysis, others not including these types of tests. Within the scope of the current model, we are aim to gather security analysis tools under the penetration testing framework, also contributing analysis results by data fusion algorithm. With the suggested model, security analysts will be able to use these types of analysis tools in addition to using the advantage of fusion algorithms fed by analysis tools outputs.","PeriodicalId":383915,"journal":{"name":"2021 International Conference on Information Security and Cryptology (ISCTURKEY)","volume":"146 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Conference on Information Security and Cryptology (ISCTURKEY)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISCTURKEY53027.2021.9654417","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Along with technological developments in the mobile environment, mobile devices are used in many areas like banking, social media and communication. The common characteristic of applications in these fields is that they contain personal or financial information of users. These types of applications are developed for Android or IOS operating systems and have become the target of attackers. To detect weakness, security analysts, perform mobile penetration tests using security analysis tools. These analysis tools have advantages and disadvantages to each other. Some tools can prioritize static or dynamic analysis, others not including these types of tests. Within the scope of the current model, we are aim to gather security analysis tools under the penetration testing framework, also contributing analysis results by data fusion algorithm. With the suggested model, security analysts will be able to use these types of analysis tools in addition to using the advantage of fusion algorithms fed by analysis tools outputs.

查看原文本刊更多论文

移动应用渗透测试框架的建议模型

随着移动环境的技术发展，移动设备被用于许多领域，如银行、社交媒体和通信。这些领域的应用程序的共同特点是包含用户的个人或财务信息。这些类型的应用程序是针对Android或IOS操作系统开发的，已经成为攻击者的目标。为了检测弱点，安全分析师使用安全分析工具执行移动渗透测试。这些分析工具各有优缺点。有些工具可以优先考虑静态或动态分析，有些则不包括这些类型的测试。在现有模型的范围内，我们的目标是在渗透测试框架下收集安全分析工具，并通过数据融合算法提供分析结果。有了建议的模型，除了利用分析工具输出提供的融合算法的优势外，安全分析师将能够使用这些类型的分析工具。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2021 International Conference on Information Security and Cryptology (ISCTURKEY)

自引率

0.00%

发文量