OPIA: Android应用的设备漏洞测试工具

2019 IEEE International Conference on Software Maintenance and Evolution (ICSME) Pub Date : 2019-09-01 DOI:10.1109/ICSME.2019.00073

Laura Bello-Jiménez, Alejandro Mazuera-Rozo, M. Linares-Vásquez, G. Bavota

{"title":"OPIA: Android应用的设备漏洞测试工具","authors":"Laura Bello-Jiménez, Alejandro Mazuera-Rozo, M. Linares-Vásquez, G. Bavota","doi":"10.1109/ICSME.2019.00073","DOIUrl":null,"url":null,"abstract":"Mobile developers constantly have to deal with users pressure for continuous delivery of apps while keeping quality attributes such as confidentiality and data integrity. To better support developers in testing security vulnerabilities during evolution and maintenance of mobile apps, in this demo we present a novel tool, OPIA, for on-device security testing. OPIA allows developers/testers to (i) conduct SQL-injection attacks and collect logs to identify leaks of sensitive information through record-and-replay testing, and (ii) extract data stored in local databases and shared preferences to identify sensitive information that is not properly encrypted, anonymized. OPIA is publicly available at GitHub.","PeriodicalId":106748,"journal":{"name":"2019 IEEE International Conference on Software Maintenance and Evolution (ICSME)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"OPIA: A Tool for On-Device Testing of Vulnerabilities in Android Applications\",\"authors\":\"Laura Bello-Jiménez, Alejandro Mazuera-Rozo, M. Linares-Vásquez, G. Bavota\",\"doi\":\"10.1109/ICSME.2019.00073\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Mobile developers constantly have to deal with users pressure for continuous delivery of apps while keeping quality attributes such as confidentiality and data integrity. To better support developers in testing security vulnerabilities during evolution and maintenance of mobile apps, in this demo we present a novel tool, OPIA, for on-device security testing. OPIA allows developers/testers to (i) conduct SQL-injection attacks and collect logs to identify leaks of sensitive information through record-and-replay testing, and (ii) extract data stored in local databases and shared preferences to identify sensitive information that is not properly encrypted, anonymized. OPIA is publicly available at GitHub.\",\"PeriodicalId\":106748,\"journal\":{\"name\":\"2019 IEEE International Conference on Software Maintenance and Evolution (ICSME)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 IEEE International Conference on Software Maintenance and Evolution (ICSME)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICSME.2019.00073\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE International Conference on Software Maintenance and Evolution (ICSME)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSME.2019.00073","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

摘要

手机开发者必须不断应对用户的压力，在保证保密性和数据完整性等质量属性的同时持续交付应用。为了更好地支持开发人员在移动应用的发展和维护过程中测试安全漏洞，在这个演示中，我们展示了一个用于设备上安全测试的新工具，OPIA。OPIA允许开发人员/测试人员(i)执行sql注入攻击并收集日志，通过记录和重放测试来识别敏感信息泄漏，以及(ii)提取存储在本地数据库和共享首选项中的数据，以识别未正确加密和匿名的敏感信息。OPIA在GitHub上是公开的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

OPIA: A Tool for On-Device Testing of Vulnerabilities in Android Applications

Mobile developers constantly have to deal with users pressure for continuous delivery of apps while keeping quality attributes such as confidentiality and data integrity. To better support developers in testing security vulnerabilities during evolution and maintenance of mobile apps, in this demo we present a novel tool, OPIA, for on-device security testing. OPIA allows developers/testers to (i) conduct SQL-injection attacks and collect logs to identify leaks of sensitive information through record-and-replay testing, and (ii) extract data stored in local databases and shared preferences to identify sensitive information that is not properly encrypted, anonymized. OPIA is publicly available at GitHub.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2019 IEEE International Conference on Software Maintenance and Evolution (ICSME)

自引率

0.00%

发文量