首页> 美国卫生研究院文献>Entropy >A Framework to Secure the Development and Auditing of SSL Pinning in Mobile Applications: The Case of Android Devices

【2h】

A Framework to Secure the Development and Auditing of SSL Pinning in Mobile Applications: The Case of Android Devices

机译：一种框架以确保移动应用程序中SSL Pinning的开发和审计：Android设备的情况

代理获取

本网站仅为用户提供外文OA文献查询和代理获取服务，本网站没有原文。下单后我们将采用程序或人工为您竭诚获取高质量的原文，但由于OA文献来源多样且变更频繁，仍可能出现获取不到、文献不完整或与标题不符等情况，如果获取不到我们将提供退款服务。请知悉。

页面导航

摘要
著录项
相似文献
相关主题

摘要

The use of mobile devices has undergone rapid growth in recent years. However, on some occasions, security has been neglected when developing applications. SSL/TLS has been used for years to secure communications although it is not a vulnerability-free protocol. One of the most common vulnerabilities is SSL pinning bypassing. This paper first describes some security controls to help protect against SSL pinning bypassing. Subsequently, some existing methods for bypassing are presented and two new methods are defined. We performed some experiments to check the use of security controls in widely used applications, and applied SSL pinning bypassing methods. Finally, we created an applicability framework, relating the implemented security controls and the methods that are applicable. This framework provides a guideline for pentesters and app developers.

机译：近年来，使用移动设备的使用经历了快速增长。但是，在某些情况下，在开发应用程序时忽略了安全性。尽管它不是无漏洞协议，但SSL / TLS已被使用多年以确保通信。最常见的漏洞之一是SSL Pinning绕过。本文首先介绍了一些安全控制，以帮助防止SSL钉纳绕过。随后，提出了一些用于旁路的现有方法，并定义了两种新方法。我们进行了一些实验，以检查广泛应用的应用中安全控制的使用，并应用SSL钉纳绕过方法。最后，我们创建了一个适用性框架，与实现的安全控制和适用的方法相关联。此框架为Penters和App开发人员提供了指导。

著录项

期刊名称 Entropy
作者
Francisco José Ramírez-López; Ángel Jesús Varela-Vaca; Jorge Ropero; Joaquín Luque; Alejandro Carrasco;
展开▼
作者单位

展开▼
年(卷),期 2019(21),12
年度 2019
页码 1136
总页数 19
原文格式 PDF
正文语种
中图分类
关键词

机译：SSL Pinning;安全;移动应用;Android;审计;漏洞;OWASP;

相似文献

外文文献
中文文献
专利

1. Mobile Apps as Personal Assistant Agents:the JaCa-Android Framework for programming Agents-based applications on mobile devices [J] . Angelo Croatti, Alessandro Ricci Autonomous agents and multi-agent systems . 2020,第2期

机译：移动应用程序作为个人助理代理：Jaca-Android框架，用于在移动设备上编程基于代理的应用程序
2. Secure Mobile Applications Development:Android App Security [J] . SC magazine . 2012,第1Suppla期

机译：安全的移动应用程序开发：Android应用程序安全性
3. Shopping Mall Directory: A Detailed-Guide Application for Android-Based Mobile Devices [J] . P. VijayaPrasad, Nurul Fadzlina, Murad Saadi, ARPN Journal of Systems and Software . 2013,第6期

机译：购物中心目录：基于Android的移动设备的详细指南应用程序
4. Developing Offloading-Enabled Application Development Frameworks for Android Mobile Devices [C] . Hui Xia, Ligang He, Bin Wang, IEEE International Conference on High Performance Computing and Communications;IEEE International Conference on Smart City;IEEE International Conference on Data Science and Systems . 2018

机译：为Android移动设备开发支持卸载功能的应用程序开发框架
5. Securing Mobility: Developing a Framework to Assist in the Development, Implementation, and Enforcement of Mobile Device Security Policy [D] . Munger, Matthew Leonedes 2013

机译：确保移动性：开发有助于移动设备安全策略的制定，实施和实施的框架
6. Mosquito (Diptera: Culicidae) Habitat Surveillance by Android Mobile Devices in Guangzhou China [O] . Tai-Ping Wu, Jun-Hua Tian, Rui-De Xue, 2016

机译：Android移动设备在中国广州进行的蚊子（双翅目：Cu科）栖息地监测
7. Developing Offloading-Enabled Application Development Frameworks for Android Mobile Devices [O] . Hui Xia, Ligang He, Bin Wang, 2018

机译：开发启用卸载的Android移动设备的应用程序开发框架

A Framework to Secure the Development and Auditing of SSL Pinning in Mobile Applications: The Case of Android Devices

摘要

著录项

相似文献

相关主题

期刊订阅