OPIA: A Tool for On-Device Testing of Vulnerabilities in Android Applications

2019 IEEE International Conference on Software Maintenance and Evolution (ICSME) Pub Date : 2019-09-01 DOI:10.1109/ICSME.2019.00073

Laura Bello-Jiménez, Alejandro Mazuera-Rozo, M. Linares-Vásquez, G. Bavota

引用次数: 6

Abstract

Mobile developers constantly have to deal with users pressure for continuous delivery of apps while keeping quality attributes such as confidentiality and data integrity. To better support developers in testing security vulnerabilities during evolution and maintenance of mobile apps, in this demo we present a novel tool, OPIA, for on-device security testing. OPIA allows developers/testers to (i) conduct SQL-injection attacks and collect logs to identify leaks of sensitive information through record-and-replay testing, and (ii) extract data stored in local databases and shared preferences to identify sensitive information that is not properly encrypted, anonymized. OPIA is publicly available at GitHub.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

OPIA: Android应用的设备漏洞测试工具

手机开发者必须不断应对用户的压力，在保证保密性和数据完整性等质量属性的同时持续交付应用。为了更好地支持开发人员在移动应用的发展和维护过程中测试安全漏洞，在这个演示中，我们展示了一个用于设备上安全测试的新工具，OPIA。OPIA允许开发人员/测试人员(i)执行sql注入攻击并收集日志，通过记录和重放测试来识别敏感信息泄漏，以及(ii)提取存储在本地数据库和共享首选项中的数据，以识别未正确加密和匿名的敏感信息。OPIA在GitHub上是公开的。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2019 IEEE International Conference on Software Maintenance and Evolution (ICSME)

自引率

0.00%

发文量

期刊最新文献

Same App, Different Countries: A Preliminary User Reviews Study on Most Downloaded iOS Apps Towards Better Understanding Developer Perception of Refactoring Decomposing God Classes at Siemens Self-Admitted Technical Debt Removal and Refactoring Actions: Co-Occurrence or More? A Validation Method of Self-Adaptive Strategy Based on POMDP