Security tests for mobile applications — Why using TLS/SSL is not enough

  • Peter Kieseberg, Peter Fruhwirt, Sebastian Schrittwieser, Edgar Weippl
  • April 2015, Institute of Electrical & Electronics Engineers (IEEE)
  • DOI: 10.1109/icstw.2015.7107416

What is it about?

Security testing is a fundamental part of many common software testing practices. Still, the standard security protocols in use are typically neither questioned nor analyzed further in the testing scenarios. In this work we show that, because of this practice, essential potential threats go undetected throughout the testing phase and the quality assurance process. We focus mainly on two fundamental security problems: the definition of the correct attacker model, and trusting the client when applying cryptographic algorithms.

Read Publication

http://dx.doi.org/10.1109/icstw.2015.7107416

The following have contributed to this page: Mr Peter Kieseberg