Skip to main content
SpringerLink
Log in

The Study of Improvement and Risk Evaluation for Mobile Application Security Testing

  • Conference paper
  • First Online:
Security with Intelligent Computing and Big-data Services (SICBS 2017)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 733))

Abstract

The popularity of mobile devices has caused them to become indispensable to, and because of increasing dependency on mobile devices following sharp growth in mobile device applications, effective security testing specifications have become essential. However, developers do not prioritize security during mobile application development, causing unscrupulous individuals to exploit loopholes or vulnerabilities in the applications or develop malicious applications to steal sensitive user data, resulting in user information leakage and financial losses. The security specifications for mobile device applications in Taiwan regarding data authorization, data storage, data protection, transmission protocol, transmission protection, application execution, application security, system execution, and system security remain inadequate. Mobile device testing specifications were analyzed in this study, and the specification priorities of documents across countries were categorized. The Open Web Application Security Project and National Institute of Standards and Technology were used as the specification standard with the Cloud Security Alliance’s white paper on mobile device specifications to provide more complete security testing specifications for mobile applications. Recommendations were provided based on the testing procedures, improvement methods, and risk assessment of the test items to reduce personal information leakage and financial losses.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. OWASP Top 10 Proactive Controls (2016), https://www.owasp.org/images/5/57/OWASP_Proactive_Controls_2.pdf

  2. Introduction to NIST, https://www.nist.gov/about-nist/our-organization

  3. Introduction to the Industrial Development Bureau, Ministry of Economic Affairs, https://www.moeaidb.gov.tw/external/view/rwd_tw/intro/index01.html

  4. Introduction to the National Communications Commission, http://www.ncc.gov.tw/chinese/content.aspx?site_content_sn=2255&is_history=0

  5. Introduction to Cloud Security Alliance, http://www.twcsa.org

  6. Smith, M.: Computer Security-Threats, Vulnerabilities and Countermeasures, Information Age, pp. 205–210, October 1989

    Google Scholar 

  7. National Communications: 2015 Report on Information Security Inspection of Built-in Software for Mobile Phone Systems 104 (2016)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Finance, National Formosa University, Yunlin, Taiwan

    Huey-Yeh Lin, Hung-Chang Chang & Yung-Chuan Su

Authors
  1. Huey-Yeh Lin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hung-Chang Chang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yung-Chuan Su
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hung-Chang Chang .

Editor information

Editors and Affiliations

  1. Department of Computer Science and Information Engineering, National Dong Hwa University, Hualien, Taiwan

    Sheng-Lung Peng

  2. Department of Information Management, Central Police University, Taoyuan, Taiwan

    Shiuh-Jeng Wang

  3. Department of Automation and Applied Informatics, Faculty of Engineering, Aurel Vlaicu University of Arad, Arad, Romania

    Valentina Emilia Balas

  4. School of Computer Technology, Jingzhou, China

    Ming Zhao

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Lin, HY., Chang, HC., Su, YC. (2018). The Study of Improvement and Risk Evaluation for Mobile Application Security Testing. In: Peng, SL., Wang, SJ., Balas, V., Zhao, M. (eds) Security with Intelligent Computing and Big-data Services. SICBS 2017. Advances in Intelligent Systems and Computing, vol 733. Springer, Cham. https://doi.org/10.1007/978-3-319-76451-1_23

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-76451-1_23

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-76450-4

  • Online ISBN: 978-3-319-76451-1

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation