DocumentCode :
708929
Title :
Security tests for mobile applications — Why using TLS/SSL is not enough
Author :
Kieseberg, Peter ; Fruhwirt, Peter ; Schrittwieser, Sebastian ; Weippl, Edgar
Author_Institution :
SBA Res., Vienna, Austria
fYear :
2015
fDate :
13-17 April 2015
Firstpage :
1
Lastpage :
2
Abstract :
Security testing is a fundamental aspect in many common practices in the field of software testing. Still, the used standard security protocols are typically not questioned and not further analyzed in the testing scenarios. In this work we show that due to this practice, essential potential threats are not detected throughout the testing phase and the quality assurance process. We put our focus mainly on two fundamental problems in the area of security: The definition of the correct attacker model, as well as trusting the client when applying cryptographic algorithms.
Keywords :
cryptographic protocols; mobile computing; program testing; quality assurance; software quality; TLS-SSL; correct attacker model; cryptographic algorithms; mobile applications; quality assurance process; security testing; software testing; standard security protocols; Encryption; Mobile communication; Protocols; Servers; Software; Testing; Security; TLS/SSL; Testing;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Software Testing, Verification and Validation Workshops (ICSTW), 2015 IEEE Eighth International Conference on
Conference_Location :
Graz
Type :
conf
DOI :
10.1109/ICSTW.2015.7107416
Filename :
7107416