Академический Документы
Профессиональный Документы
Культура Документы
21-07-2013
Mobile applications are developed for almost every activity, which initially were developed for web based.
21-07-2013
With varying physical devices, operation systems and architecture, do the same with the mobile
Dynamic Analysis of the Mobile Application, with Android as Operating System Mercury is the Framework used here to perform the Dynamic Analysis.
21-07-2013
The Analysis reports the interconnectivity and actions of the individual application that resides in the mobile device.
3
Mercury provides a wide range of commands for investigating the security posture of an Android app. These are presented as modules in the console.
21-07-2013
Example : Analysis of BAJAJ FINSERVinteractive This LENDING Mobile Application application gives you easy
Analysis of BAJAJ FINSERV LENDING This application has only two Mobile Application
permissions: Internet Access to Network State This is a Web based Application: It is accessible through Mobile Browser. It Interfaces with External Servers. This Application doesnt have any Content Providers and hence no content is exported or shared with other applications. The application connects to the server via mobile and all the data resides in the 21-07-2013 server.
21-07-2013
OWASP Mobile Security Project The work is in line with the OWASP (Open Web Application Security Project ) Mobile Security Project.
21-07-2013
This is an open project, in which many developers, experts are included globally to describe and develop the standards and common methodologies to test the application software security
OWASP TOP 10 Mobile Risks OWASP provides a list of Mobile risks for every
alternate year. If these risks are covered, it implies that, more than 90% of security concerns are covered. M1: Insecure Data Storage
M2: Weak Server Side Controls M3: Insufficient Transport Layer Protection M4: Client Side Injection M5: Poor Authorization and Authentication M6: Improper Session Handling M7: Security Decisions Via Untrusted Inputs M8: Side Channel Data Leakage M9: Broken Cryptography M10: Sensitive Information
21-07-2013
Mercury Framework
Burp Suite
21-07-2013
10
Work done till date: Studied and Analyzed MERCURY Framework to perform Dynamic Analysis over Mobile Applications. (Android Specific) Dynamic Analysis on Samsung Galaxy II, with Android OS. Exposed interconnectivity issues within the applications. Future Work: Trying to analyze more tools from HP and IBM.
21-07-2013
11