Security Testing of Applications Based on Threat Modelling / Nurul Intan Baizura Bte Hj Emran
Material type:
TextPublication details: Brunei Darussalam : Universiti Teknologi Brunei , © 2019 . Description: x, 249 Pages : color illustrations , photographs, charts ; 30 cmSubject(s): -- FInal Year Project Unievrsiti Teknologi Brunei | Application software -- Testing | Computer security | Threat modeling (Computer security)Other classification: UTB 120 REPORT, THESIS & DISSERTATION | RTDS 280
| Item type | Current library | Call number | Status | Notes | Date due | Barcode |
|---|---|---|---|---|---|---|
Reports, Thesis & Dissertation Students
|
Universiti Teknologi Brunei Library - at level 2 | UTB 120 REPORT, THESIS & DISSERTATION, RTDS 280 (Browse shelf(Opens below)) | Not for loan | Reg. no. 002037_UTB [RTDS 280] | 850421 | |
Report. Thesis & Desertation Students - Media
|
Universiti Teknologi Brunei Library | UTB 120 REPORT, THESIS & DISSERTATION, RTDS CD 30 (Browse shelf(Opens below)) | Available | RTDS CD 30_UTB | 850422 |
Report submitted for the degree of Bsc in Computer Network and Security Universiti Teknologi Brunei.
Abstract
Mobile devices have outnumbered PCs and laptops to become the prime medium for accessing content and services. Due to its ability to handle many useful and creative applications, enterprises are rapidly adopting innovative applications to transform their business capabilities as the mobile presence is critical for businesses to attract new customers. While Android, the most popular open-source mobile platform, has its own set of permissions to protect the device and resources, however, it does not provide a security framework to defend against any attack. Hence, it is imperative to make the applications more secure and reliable. In this project a threat modelling process will be conducted on local existing applications from Google Play Store with objectives to identify the possible threats and vulnerabilities with reference to OWASP top 10 security risks. These vulnerabilities are then to be rated according to its risk of exploitation, among several application for comparisons by using DREAD. Penetration testing were also carried out to test the security of the application by following the freely available mobile security testing guide by OWASP. Microsoft's STRIDE tools are the features used for threat modelling process and an open source tools such as Kali Linux, Burpsuite, MobSF and Drozer etc for implementing the penetration testing.
Includes bibliography references.
There are no comments on this title.