Vetting the security of mobile applications

The purpose of this document is to help organizations (1) understand the process for vetting the security of mobile applications, (2) plan for the implementation of an app vetting process, (3) develop app security requirements, (4) understand the types of app vulnerabilities and the testing methods used to detect those vulnerabilities, and (5) determine if an app is acceptable for deployment on the organization's mobile devices.
