Search for: All records

The security threats to mobile application are growing explosively. Mobile app flaws and security defects could open doors for hackers to easily attack mobile apps. Secure software development must be addressed earlier in the development lifecycle rather than fixing the security holes after attacking. Early eliminating against possible security vulnerability will help us increase the security of our software, and militate the consequence of damages of data loss caused by potential malicious attacking. However, many software developer professionals lack the necessary security knowledge and skills at the development stage and Secure Mobile Software Development (SMSD) is not yet well represented in current computing curriculum. In this paper we present a static security analysis approach with open source FindSecurityBugs plugin for Android Studio IDE. We categorized the common mobile vulnerability for developers based on OWASP mobile security recommendations and developed detectors to meet the SMSD needs in industry and education. 

The security threats to mobile application are growing explosively. Mobile app flaws and security defects could open doors for hackers to easily attack mobile apps. Secure software development must be addressed earlier in the development lifecycle rather than fixing the security holes after attacking. Early eliminating against possible security vulnerability will help us increase the security of our software, and militate the consequence of damages of data loss caused by potential malicious attacking. However, many software developer professionals lack the necessary security knowledge and skills at the development stage and Secure Mobile Software Development (SMSD) is not yet well represented in current computing curriculum. In this paper we present a static security analysis approach with open source FindSecurityBugs plugin for Android Studio IDE. We categorized the common mobile vulnerability for developers based on OWASP mobile security recommendations and developed detectors to meet the SMSD needs in industry and education. 

As mobile computing is becoming more and more popular, the security threats to mobile applications are simultaneously increasing explosively. Most malicious activities hack the user’s private information, such as contact and location information, hijack the user’s transactions and communications, and exploit the confidential enterprise data stored in mobile databases or in cache on mobile devices. Database security is one of the most important security areas to be addressed. Many schools are integrating database security topics into database and cybersecurity education. This paper addresses the needs for pedagogical learning materials for database security education and the challenges of building database security capacity through effective, engaging, and investigative learning approaches, through transferrable and integratable mobile-based learning modules with hands-on companion labs based on the OWASP recommendations, such as input validation, data encryption, data sharing, auditing, and others. The primary goal of this learning approach is to create a motivating learning environment that encourages and engages all students in database security concepts and practices learning. The preliminary feedback from students was positive. Students gained hands-on real world learning experiences on Mobile Database Security (MDS) with Android mobile devices, which also greatly promoted students’ self-efficacy and confidence in their mobile security learning.