DocumentCode
708929
Title
Security tests for mobile applications — Why using TLS/SSL is not enough
Author
Kieseberg, Peter ; Fruhwirt, Peter ; Schrittwieser, Sebastian ; Weippl, Edgar
Author_Institution
SBA Res., Vienna, Austria
fYear
2015
fDate
13-17 April 2015
Firstpage
1
Lastpage
2
Abstract
Security testing is a fundamental aspect of many common practices in the field of software testing. Still, the standard security protocols in use are typically not questioned and not further analyzed in the testing scenarios. In this work we show that, due to this practice, essential potential threats are not detected throughout the testing phase and the quality assurance process. We focus mainly on two fundamental problems in the area of security: the definition of the correct attacker model, and trusting the client when applying cryptographic algorithms.
Keywords
cryptographic protocols; mobile computing; program testing; quality assurance; software quality; TLS-SSL; correct attacker model; cryptographic algorithms; mobile applications; quality assurance process; security testing; software testing; standard security protocols; Encryption; Mobile communication; Protocols; Servers; Software; Testing; Security; TLS/SSL
fLanguage
English
Publisher
ieee
Conference_Titel
Software Testing, Verification and Validation Workshops (ICSTW), 2015 IEEE Eighth International Conference on
Conference_Location
Graz
Type
conf
DOI
10.1109/ICSTW.2015.7107416
Filename
7107416