STATIC SECURITY ANALYSER FOR ANDROID APPLICATION
Main Author: | |
---|---|
Format: | Final Project |
Language: | Indonesia |
Online Access: | https://digilib.itb.ac.id/gdl/view/26668 |
Institution: | Institut Teknologi Bandung |
Summary: | Nowadays the smartphone is part of our daily life. We use applications every day, for social media, communication, banking, etc. Each application usually uses our personal data such as name, birthday, address, etc. That information is our private data and must only be known by us and the service provider. However, the development of mobile applications itself does not consider the security aspect. There will be a possibility of data theft and security breach as a result of not considering the security aspect in the development of mobile applications. To address this issue, there are several solutions that can be used, such as implementing a secure software development process, testing the security aspect, and conducting code review or code analysis, both dynamic testing and static analysis. In this paper, the proposed solution is to test the security aspect by using static analysis techniques. Static analysis is part of code review in the software development process. This solution is good enough because it is done early in the application development process, so it can prevent common bad practices from occurring. However, the solution is not enough to make a completely secure application. It is one of many solutions for developing secure mobile applications. In this paper we create a tool to help code review for the security aspect using static analysis techniques. The tool will be integrated with the official IDE for developing Android applications, Android Studio. The tool is developed by extending the Code Inspection tools in Android Studio to check security aspects, specifically the Insecure Data Storage aspect, the Insecure Communication aspect, and the Insufficient Cryptography aspect. The tool is designed so that rules can easily be added, updated, or deleted, so that the tool can still detect the latest vulnerabilities or bad practices. |