Penetration Testing with OWASP Mobile for Android Security Optimization
DOI:
https://doi.org/10.64163/jochac.v1i1.3
Keywords:
Android, Penetration Testing, OWASP, MSTG, Exploit
Abstract
Security and privacy are very important on Android devices to prevent crimes such as the theft of users' data and confidential information. There are many attack methods that can be carried out by irresponsible parties, one of which is penetration testing. Android device security needs to be improved against cyber crimes, which can occur at any time, so that users' information is more secure. Based on this, this study shows how attackers perform penetration testing against targets that use Android devices, using the OWASP Mobile framework and following the steps in the OWASP Mobile Security Testing Guide (OWASP MSTG) manual. The penetration testing activity is carried out in five steps: injection of backdoors into the application, finding vulnerabilities, scanning, exploiting, and making reports. The study obtained information on application IOCs as well as other information in the form of contact data, SMS data, and audio records belonging to the attacked device. Based on this, the research can be used by security parties to patch loopholes in their applications and systems.
License
Copyright (c) 2023 Journal of Cyber Health and Computer

This article is licensed under a Creative Commons Attribution 4.0 International License.


