Automatic PoC generation for Android app vulnerability

Bibliographic Details
Main Author: Pang, Siew Boon
Other Authors: Liu Yang
Format: Final Year Project
Language: English
Published: Nanyang Technological University 2021
Online Access: https://hdl.handle.net/10356/153228
Institution: Nanyang Technological University
Description
Summary: Vulnerabilities in mobile applications are becoming more and more common in this fast-paced world where almost everyone possesses a mobile phone. Therefore, using various static analysis tools to scan mobile applications helps in identifying potential security vulnerabilities that are hidden within applications. This project describes the process of leveraging the static analysis tools/frameworks Mobile Security Framework (MobSF), AndroBugs, and FlowDroid to scan 3rd party APKs and generate Proof of Concept code from each scanning tool, so as to identify the various vulnerabilities in mobile applications. Thereafter, we proceed to analyse the data set and filter results that are significant and likely to be considered security vulnerabilities. Using the filtered data, we can then visualize it in the form of charts and carry out statistical analysis to determine trends and commonly found vulnerabilities amongst the list of APKs scanned. Lastly, we can consider both the results obtained by the scanning tools and their scanning performance to compare all 3 tools and determine the most efficient tool to be used for scanning mobile application vulnerabilities. Further discussion can be carried out which focuses on using more scanning tools to improve the reliability of the results in future work.