Powered by OpenAIRE graph
Found an issue? Give us feedback
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/ IEEE Accessarrow_drop_down
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/
IEEE Access
Article . 2021 . Peer-reviewed
License: CC BY
Data sources: Crossref
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/
IEEE Access
Article
License: CC BY NC ND
Data sources: UnpayWall
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/
IEEE Access
Article . 2021
Data sources: DOAJ
https://dx.doi.org/10.60692/xg...
Other literature type . 2021
Data sources: Datacite
https://dx.doi.org/10.60692/rf...
Other literature type . 2021
Data sources: Datacite
https://dx.doi.org/10.1109/acc...
Article
Data sources: Microsoft Academic Graph
 View all 4 versions
Claim

This Research product is the result of merged Research products in OpenAIRE.

You have already added 0 works in your ORCID record related to the merged Research product.

Penetration Frameworks and Development Issues in Secure Mobile Application Development: A Systematic Literature Review

أطر الاختراق وقضايا التطوير في تطوير تطبيقات الهاتف المحمول الآمنة: مراجعة منهجية للأدبيات
descriptionPublicationkeyboard_double_arrow_right Article , Other literature type 01 Jan 2021Publisher:Institute of Electrical and Electronics Engineers (IEEE)Journal:IEEE Access, volume 9, pages 87,806-87,825 (eissn: 2169-3536, Copyright policy )
Authors: Ikram Ul Haq; Tamim Ahmed Khan;

doi: 10.1109/access.2021.3088229 , 10.60692/xggyb-s9q70 , 10.60692/rfhqh-tjs10

Penetration Frameworks and Development Issues in Secure Mobile Application Development: A Systematic Literature Review

Abstract

La invención de los teléfonos inteligentes ha abierto un nuevo mercado para el desarrollo de aplicaciones móviles. Los desarrolladores aficionados de aplicaciones Android a menudo no poseen conocimiento de las últimas vulnerabilidades de Android y, por lo tanto, crean aplicaciones con superficie de ataque que los piratas informáticos explotan. En esta revisión de la literatura, se han analizado muchos marcos y técnicas disponibles utilizando el modelo de calidad de software ISO/IEC 25010 y se han identificado los desafíos que enfrentan los desarrolladores de Android al diseñar una aplicación segura para Android. Este documento también presenta una encuesta exhaustiva de diferentes herramientas de penetración, evaluadas mediante el uso de criterios como el análisis de código, la revisión de código, el análisis de vulnerabilidades, la explotación de vulnerabilidades, la carga útil y si estos se pueden utilizar en el modelado de vulnerabilidades durante la fase de diseño. Nuestro estudio identifica de manera efectiva los problemas y las brechas que pueden ayudar aún más a desarrollar un marco/herramienta para diseñar una aplicación móvil segura contra la penetración mediante la incorporación de todas las vulnerabilidades durante la fase de diseño utilizando un repositorio de vulnerabilidades de Android.

L'invention des smartphones a ouvert un nouveau marché pour le développement d'applications mobiles. Les développeurs d'applications Android amateurs ne possèdent souvent pas la connaissance des dernières vulnérabilités Android et créent ainsi des applications avec une surface d'attaque que les pirates exploitent. Dans cette revue de la littérature, de nombreux cadres et techniques disponibles ont été analysés à l'aide du modèle de qualité du logiciel ISO/IEC 25010 et ont identifié les défis auxquels les développeurs Android sont confrontés dans la conception d'une application sécurisée pour Android. Cet article présente également une étude complète des différents outils de pénétration, évalués à l'aide de critères tels que l'analyse du code, l'examen du code, l'analyse des vulnérabilités, l'exploitation des vulnérabilités, la charge utile et si ceux-ci peuvent être utilisés dans la modélisation des vulnérabilités pendant la phase de conception. Notre étude identifie efficacement les problèmes et les lacunes qui peuvent aider à développer un cadre/outil pour concevoir une application mobile sécurisée de pénétration en intégrant toutes les vulnérabilités pendant la phase de conception à l'aide d'un référentiel de vulnérabilités Android.

The invention of smartphones has opened a new market for mobile application development.Amateur android app developers often do not possess knowledge of the latest android vulnerabilities and thus create applications with attack surface that hackers exploit.In this literature review, many available frameworks and techniques have been analyzed using ISO/IEC 25010 software quality model and identified challenges that android developers face in designing a secure application for android.This paper also presents a comprehensive survey of different penetration tools, evaluated by using criteria such as code analysis, code review, vulnerability analysis, vulnerability exploit, payload and whether these can be used in vulnerability modeling during the design phase.Our study effectively identifies the issues and gaps which can further help develop a framework/tool for designing a penetration secure mobile application by embedding all the vulnerabilities during the design phase using an android vulnerability repository.

لقد فتح اختراع الهواتف الذكية سوقًا جديدًا لتطوير تطبيقات الهاتف المحمول. غالبًا ما لا يمتلك مطورو تطبيقات أندرويد الهواة معرفة بأحدث نقاط الضعف في نظام أندرويد، وبالتالي ينشئون تطبيقات ذات سطح هجوم يستغلها المتسللون. في مراجعة الأدبيات هذه، تم تحليل العديد من الأطر والتقنيات المتاحة باستخدام نموذج جودة برامج ISO/IEC 25010 وحددت التحديات التي يواجهها مطورو أندرويد في تصميم تطبيق آمن لنظام أندرويد. تقدم هذه الورقة أيضًا مسحًا شاملاً لأدوات الاختراق المختلفة، يتم تقييمها باستخدام معايير مثل تحليل التعليمات البرمجية، ومراجعة التعليمات البرمجية، وتحليل نقاط الضعف، واستغلال نقاط الضعف، والحمولة، وما إذا كان يمكن استخدامها في نمذجة نقاط الضعف أثناء مرحلة التصميم. تحدد دراستنا بشكل فعال المشكلات والثغرات التي يمكن أن تساعد في تطوير إطار/أداة لتصميم تطبيق محمول آمن لاختراق من خلال تضمين جميع نقاط الضعف أثناء مرحلة التصميم باستخدام مستودع نقاط الضعف في نظام أندرويد.

Related Organizations
Keywords

FOS: Computer and information sciences, Exploit, Mobile device, Web Application Security and Vulnerability Detection, Hacker, Vulnerability management, penetration testing, Characterization and Detection of Android Malware, Android, Android (operating system), Computer security, Psychology, android security and privacy, Psychological resilience, Automated Software Testing Techniques, Information security, Attack surface, Software security assurance, Computer science, TK1-9971, World Wide Web, FOS: Psychology, Operating system, Vulnerability assessment, Security service, Signal Processing, Computer Science, Physical Sciences, Psychotherapist, Security Analysis, Electrical engineering. Electronics. Nuclear engineering, Software, Information Systems, Application security

  • BIP!
    Impact byBIP!
    selected citations
    These citations are derived from selected sources.
    This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
    		 8
    popularity
    This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.
    		 Top 10%
    influence
    This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
    		 Top 10%
    impulse
    This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.
    		 Top 10%
Powered by OpenAIRE graph
Found an issue? Give us feedback
selected citations
These citations are derived from selected sources.
This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
BIP!Citations provided by BIP!
popularity
This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.
BIP!Popularity provided by BIP!
influence
This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
BIP!Influence provided by BIP!
impulse
This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.
BIP!Impulse provided by BIP!
8
Top 10%
Top 10%
Top 10%
gold