Mobile Security Testing Analysis on DIVA

In this paper, we present a holistic framework for robust mobile application security testing. The proposed approach helped to design a security testing pipeline based on discovering common mobile application vulnerabilities. Compiled outputs from static analysis, dynamic analysis, and interactive application security testing were used as deliverables for demonstrating an orchestrated workflow. An implementation was created to corroborate how the methodology can produce comprehensive vulnerability analysis using the source code from an insecure Android application. This simulation demonstrated that the proposed approach could increase the number of distinct vulnerabilities found outside of single-dimensional testing and provide a baseline for test cases specific to mobile application weaknesses. It is anticipated that the implementation can be used to integrate orchestrated security testing within the software development life cycle, extended upon to include more security tools, and replicated to support multiple mobile operating systems.