SEBASTiAn: A static and extensible black-box application security testing tool for iOS and Android applications

Francesco Pagano; Andrea Romdhana; Davide Caputo; Luca Verderame; Alessio Merlo

SoftwareX (Jul 2023)

SEBASTiAn: A static and extensible black-box application security testing tool for iOS and Android applications

Francesco Pagano,
Andrea Romdhana,
Davide Caputo,
Luca Verderame,
Alessio Merlo

Affiliations

Francesco Pagano: DIBRIS - Università degli Studi di Genova, Genova, Italy; Corresponding author.
Andrea Romdhana: Talos srls, Genova, Italy
Davide Caputo: Talos srls, Genova, Italy
Luca Verderame: DIBRIS - Università degli Studi di Genova, Genova, Italy; Talos srls, Genova, Italy
Alessio Merlo: CASD - Centre for Higher Defence Studies, Rome, Italy

Journal volume & issue: Vol. 23
p. 101448

Abstract

Read online

Despite decades of research, the automatic detection of vulnerabilities in mobile apps remains an open challenge. Among the possible solutions, SAST tools uncover source or compiled code security flaws without needing the app to be executed and tested in a controlled environment. However, SAST tools share several limitations, such as the detection of narrowed vulnerability classes, lack of updates, and limited resiliency to obfuscation techniques. This paper presents SEBASTiAn, a black-box automatic static analysis tool for security vetting Android and iOS apps. It relies on a modular approach to cope with new vulnerabilities.

Published in SoftwareX

ISSN: 2352-7110 (Online)
Publisher: Elsevier
Country of publisher: Netherlands
LCC subjects: Science: Mathematics: Instruments and machines: Electronic computers. Computer science: Computer software
Website: http://www.journals.elsevier.com/softwarex/

About the journal

Abstract

Keywords