OWASP Risk Analysis Driven Security Requirements Specification for Secure Android Mobile Software Development

Title: OWASP Risk Analysis Driven Security Requirements Specification for Secure Android Mobile Software Development
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Qian, K., Parizi, R. M., Lo, D.
Conference Name: 2018 IEEE Conference on Dependable and Secure Computing (DSC)
Date Published: December
Keywords: access sensitive information, Android (operating system), Android development, Banking, composability, data integrity, data leaks, defensive requirements analysis, Detectors, development lifecycle, development stage, guided security requirement analysis, information confidentiality, Malware, Metrics, mobile applications, Mobile Apps, mobile apps flaws, mobile computing, mobile software engineers, necessary security knowledge, Operating Systems Security, OWASP, OWASP mobile top ten risks, OWASP risk analysis driven security requirements specification, pubcrawl, resilience, Resiliency, risk analysis, SDLC, secure Android mobile software development, secure mobile SDLC, secure mobile software development education, security, security defects open doors, security holes, security of data, security requirements, security threats, security vulnerabilities, smart phones, software developers, software development management, software engineering, Testing, useful mobile security guidelines
Abstract: The security threats to mobile applications are growing explosively. Mobile app flaws and security defects open doors for hackers to break in and access sensitive information. Defensive requirements analysis should be an integral part of a secure mobile SDLC. Developers need to consider information confidentiality and data integrity, and to verify security early in the development lifecycle rather than fixing security holes after attacks and data leaks take place. Eliminating known security vulnerabilities early will help developers increase the security of apps and reduce the likelihood of exploitation. However, many software developers lack the necessary security knowledge and skills at the development stage, which is why Secure Mobile Software Development education is very necessary for mobile software engineers. In this paper, we propose a guided security requirement analysis based on the OWASP Mobile Top Ten security risk recommendations for Android mobile software development, together with its traceability to the developmental controls in the SDLC. Building secure apps immune to the OWASP Mobile Top Ten risks would be an effective approach to providing very useful mobile security guidelines.
DOI: 10.1109/DESEC.2018.8625114
Citation Key: qian_owasp_2018