Abstract
The popularity of mobile devices has caused them to become indispensable to, and because of increasing dependency on mobile devices following sharp growth in mobile device applications, effective security testing specifications have become essential. However, developers do not prioritize security during mobile application development, causing unscrupulous individuals to exploit loopholes or vulnerabilities in the applications or develop malicious applications to steal sensitive user data, resulting in user information leakage and financial losses. The security specifications for mobile device applications in Taiwan regarding data authorization, data storage, data protection, transmission protocol, transmission protection, application execution, application security, system execution, and system security remain inadequate. Mobile device testing specifications were analyzed in this study, and the specification priorities of documents across countries were categorized. The Open Web Application Security Project and National Institute of Standards and Technology were used as the specification standard with the Cloud Security Alliance’s white paper on mobile device specifications to provide more complete security testing specifications for mobile applications. Recommendations were provided based on the testing procedures, improvement methods, and risk assessment of the test items to reduce personal information leakage and financial losses.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
OWASP Top 10 Proactive Controls (2016), https://www.owasp.org/images/5/57/OWASP_Proactive_Controls_2.pdf
Introduction to NIST, https://www.nist.gov/about-nist/our-organization
Introduction to the Industrial Development Bureau, Ministry of Economic Affairs, https://www.moeaidb.gov.tw/external/view/rwd_tw/intro/index01.html
Introduction to the National Communications Commission, http://www.ncc.gov.tw/chinese/content.aspx?site_content_sn=2255&is_history=0
Introduction to Cloud Security Alliance, http://www.twcsa.org
Smith, M.: Computer Security-Threats, Vulnerabilities and Countermeasures, Information Age, pp. 205–210, October 1989
National Communications: 2015 Report on Information Security Inspection of Built-in Software for Mobile Phone Systems 104 (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Lin, HY., Chang, HC., Su, YC. (2018). The Study of Improvement and Risk Evaluation for Mobile Application Security Testing. In: Peng, SL., Wang, SJ., Balas, V., Zhao, M. (eds) Security with Intelligent Computing and Big-data Services. SICBS 2017. Advances in Intelligent Systems and Computing, vol 733. Springer, Cham. https://doi.org/10.1007/978-3-319-76451-1_23
Download citation
DOI: https://doi.org/10.1007/978-3-319-76451-1_23
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-76450-4
Online ISBN: 978-3-319-76451-1
eBook Packages: EngineeringEngineering (R0)