Secure Mobile Software Development with Vulnerability Detectors in Static Code Analysis

2018 International Symposium on Networks, Computers and Communications (ISNCC) Pub Date : 2018-06-01 DOI:10.1109/ISNCC.2018.8531071

Xianyong Meng, K. Qian, D. Lo, P. Bhattacharya, Fan Wu

{"title":"Secure Mobile Software Development with Vulnerability Detectors in Static Code Analysis","authors":"Xianyong Meng, K. Qian, D. Lo, P. Bhattacharya, Fan Wu","doi":"10.1109/ISNCC.2018.8531071","DOIUrl":null,"url":null,"abstract":"The security threats to mobile application are growing explosively. Mobile app flaws and security defects could open doors for hackers to easily attack mobile apps. Secure software development must be addressed earlier in the development lifecycle rather than fixing the security holes after attacking. Early eliminating against possible security vulnerability will help us increase the security of our software, and militate the consequence of damages of data loss caused by potential malicious attacking. However, many software developer professionals lack the necessary security knowledge and skills at the development stage and Secure Mobile Software Development (SMSD) is not yet well represented in current computing curriculum. In this paper we present a static security analysis approach with open source FindSecurityBugs plugin for Android Studio IDE. We categorized the common mobile vulnerability for developers based on OWASP mobile security recommendations and developed detectors to meet the SMSD needs in industry and education.","PeriodicalId":313846,"journal":{"name":"2018 International Symposium on Networks, Computers and Communications (ISNCC)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2018-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 International Symposium on Networks, Computers and Communications (ISNCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISNCC.2018.8531071","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

The security threats to mobile application are growing explosively. Mobile app flaws and security defects could open doors for hackers to easily attack mobile apps. Secure software development must be addressed earlier in the development lifecycle rather than fixing the security holes after attacking. Early eliminating against possible security vulnerability will help us increase the security of our software, and militate the consequence of damages of data loss caused by potential malicious attacking. However, many software developer professionals lack the necessary security knowledge and skills at the development stage and Secure Mobile Software Development (SMSD) is not yet well represented in current computing curriculum. In this paper we present a static security analysis approach with open source FindSecurityBugs plugin for Android Studio IDE. We categorized the common mobile vulnerability for developers based on OWASP mobile security recommendations and developed detectors to meet the SMSD needs in industry and education.

查看原文本刊更多论文

静态代码分析中使用漏洞检测器的安全移动软件开发

移动应用面临的安全威胁呈爆炸式增长。移动应用程序的缺陷和安全缺陷可能为黑客轻易攻击移动应用程序敞开大门。安全软件开发必须在开发生命周期的早期进行处理，而不是在受到攻击后修复安全漏洞。及早消除可能存在的安全漏洞，有助我们提高软件的安全性，并减低因潜在的恶意攻击而造成资料遗失损害的后果。然而，许多软件开发人员在开发阶段缺乏必要的安全知识和技能，安全移动软件开发(SMSD)在当前的计算机课程中尚未得到很好的体现。在本文中，我们提出了一种基于开源FindSecurityBugs插件的静态安全分析方法。我们根据OWASP移动安全建议对开发人员常见的移动漏洞进行了分类，并开发了检测器，以满足工业和教育中的SMSD需求。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2018 International Symposium on Networks, Computers and Communications (ISNCC)

自引率

0.00%

发文量