Litcius/Paper detail

SEBASTiAn: A static and extensible black-box application security testing tool for iOS and Android applications

Francesco Pagano, Andrea Romdhana, Davide Caputo, Luca Verderame, Alessio Merlo

2023SoftwareX13 citationsDOIOpen Access PDF

Abstract

Despite decades of research, the automatic detection of vulnerabilities in mobile apps remains an open challenge. Among the possible solutions, SAST tools uncover source or compiled code security flaws without needing the app to be executed and tested in a controlled environment. However, SAST tools share several limitations, such as the detection of narrowed vulnerability classes, lack of updates, and limited resiliency to obfuscation techniques. This paper presents SEBASTiAn, a black-box automatic static analysis tool for security vetting Android and iOS apps. It relies on a modular approach to cope with new vulnerabilities.

Topics & Concepts

Computer scienceAndroid (operating system)VettingModular designComputer securityObfuscationOpen sourceStatic analysisTaint checkingApplication securityBlack boxSecure codingWorld Wide WebOperating systemSoftware security assuranceSoftwareInformation securityProgramming languageSecurity serviceArtificial intelligenceAdvanced Malware Detection TechniquesSoftware Testing and Debugging TechniquesWeb Application Security Vulnerabilities
SEBASTiAn: A static and extensible black-box application security testing tool for iOS and Android applications | Litcius