Vetting the Security of Mobile Applications

The purpose of this document is to help organizations (1) understand the process for vetting the security of mobile applications, (2) plan for the implementation of an app vetting process, (3) develop app security requirements, (4) understand the types of app vulnerabilities and the testing methods used to detect those vulnerabilities, and (5) determine if an app is acceptable for deployment on the organization's mobile devices.
