Automatic PoC generation for Android app vulnerability
Main Author: | |
---|---|
Other Authors: | |
Format: | Final Year Project |
Language: | English |
Published: | Nanyang Technological University 2021 |
Subjects: | |
Online Access: | https://hdl.handle.net/10356/153228 |
Institution: | Nanyang Technological University |
Summary: | Vulnerabilities in mobile applications are becoming more and more common in this fast-paced world where almost everyone possesses a mobile phone. Therefore, using various static analysis tools to scan mobile applications helps in identifying potential security vulnerabilities that are hidden within applications.
This project describes the process of leveraging the static analysis tools/frameworks Mobile Security Framework (MobSF), AndroBugs, and FlowDroid to scan third-party APKs and generate Proof of Concept code from each scanning tool, so as to identify the various vulnerabilities in mobile applications. Thereafter, we proceed to analyse the data set and filter results that are significant and likely to be considered security vulnerabilities. Using the filtered data, we can then visualize the results in the form of charts and carry out statistical analysis to determine trends and commonly found vulnerabilities amongst the list of APKs scanned.
Lastly, we can consider both the results obtained by the scanning tools and their scanning performance to compare all 3 tools and determine the most efficient tool to be used for scanning mobile application vulnerabilities. Further discussion can be carried out which focuses on using more scanning tools to improve the reliability of the results in future work. |
---|