TechRxiv

SEBASTiAn: a Static and Extensible Black-box Application Security Testing tool for iOS and Android applications

preprint
posted on 2023-07-13, 13:46 authored by Francesco Pagano, Andrea Romdhana, Davide Caputo, Luca Verderame, Alessio Merlo

Despite decades of research, the automatic detection of vulnerabilities in mobile apps remains an open challenge. Among the possible solutions, Static Application Security Testing (SAST) tools find security flaws in source or compiled code without executing the app in a controlled environment. However, SAST tools share several limitations: each covers only a narrow set of vulnerability classes, they are rarely updated, and they have limited resilience to obfuscation techniques. This paper presents SEBASTiAn, a black-box static analysis tool for the automatic security vetting of Android and iOS apps. It relies on a modular approach so that detection of new vulnerability classes can be added over time.
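To make the "modular" idea in the abstract concrete, the following is an added example written for this page; it is not code from the SEBASTiAn paper or project, and the manifest it analyses is constructed for the example. Each vulnerability class is one self-contained check over a common artefact (a parsed AndroidManifest.xml), registered through a decorator, so supporting a new class means adding one function without touching the others. The three checks (debuggable application, backup allowed, exported component without a permission) are illustrative choices; the launcher-activity exclusion and the "intent-filter implies exported" rule follow the Android component-export semantics.

```python
"""Plugin-style static checker for an Android manifest (added example, not SEBASTiAn code)."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Callable, List

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def android_attr(elem: ET.Element, name: str):
    """Read an android:-namespaced attribute (None if absent)."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


@dataclass(frozen=True)
class Finding:
    check: str      # plugin that produced the finding
    severity: str
    location: str   # component or element the finding refers to
    detail: str


# Plugin registry: each check maps the manifest root to a list of findings.
CHECKS: List[Callable[[ET.Element], List[Finding]]] = []


def check(fn):
    """Register a check; adding a vulnerability class means adding one decorated function."""
    CHECKS.append(fn)
    return fn


@check
def debuggable_application(root):
    app = root.find("application")
    if app is not None and android_attr(app, "debuggable") == "true":
        return [Finding("debuggable_application", "high", "<application>",
                        "android:debuggable=\"true\" allows attaching a debugger to the app process")]
    return []


@check
def backup_allowed(root):
    app = root.find("application")
    if app is None:
        return []
    value = android_attr(app, "allowBackup")
    if value is None or value == "true":  # the attribute defaults to true when omitted
        return [Finding("backup_allowed", "medium", "<application>",
                        "android:allowBackup is true or omitted; app data may be extractable "
                        "via adb backup on older Android versions")]
    return []


def _is_launcher(activity):
    for f in activity.findall("intent-filter"):
        for cat in f.findall("category"):
            if android_attr(cat, "name") == "android.intent.category.LAUNCHER":
                return True
    return False


@check
def exported_component_without_permission(root):
    # <provider> is left out: its export default depends on targetSdkVersion.
    findings = []
    app = root.find("application")
    if app is None:
        return findings
    for tag in ("activity", "activity-alias", "service", "receiver"):
        for comp in app.findall(tag):
            name = android_attr(comp, "name") or "?"
            exported = android_attr(comp, "exported")
            has_filter = comp.find("intent-filter") is not None
            # Reachable from other apps when android:exported="true", or when an
            # intent-filter is declared and android:exported is left unset.
            if not (exported == "true" or (exported is None and has_filter)):
                continue
            if tag == "activity" and _is_launcher(comp):
                continue  # the launcher activity is exported by design
            if android_attr(comp, "permission") is None:
                findings.append(Finding("exported_component_without_permission", "medium", name,
                                        f"<{tag}> is exported and declares no android:permission"))
    return findings


def analyze_manifest(xml_text: str) -> List[Finding]:
    """Run every registered check over one manifest and collect the findings."""
    root = ET.fromstring(xml_text)
    findings: List[Finding] = []
    for c in CHECKS:
        findings.extend(c(root))
    return findings


# Constructed sample manifest for the example (not from any real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.demo">
  <application android:debuggable="true" android:allowBackup="true">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="true"/>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <activity android:name=".AdminActivity" android:exported="true"
              android:permission="com.example.demo.ADMIN"/>
    <activity android:name=".InternalActivity" android:exported="false"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for f in analyze_manifest(SAMPLE_MANIFEST):
        print(f"[{f.severity}] {f.check} at {f.location}: {f.detail}")
```

On the sample manifest this reports the debuggable flag, the backup setting, and two exported components (`.SyncService`, explicitly exported, and `.BootReceiver`, implicitly exported through its intent-filter); `.AdminActivity` is protected by a permission and `.InternalActivity` is not exported, so neither is flagged. Because the checks read only the manifest, they are unaffected by code obfuscation, which is the property the abstract contrasts with code-level SAST; checks that need to inspect bytecode would be added as further plugins with a different input.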

Funding

This work was partially supported by the Curiosity Driven grant "Security Assessment of Cross-domain Application Ecosystems" of the University of Genova, funded by the European Union - NextGeneration EU program, and by project SERICS (PE00000014) under the NRRP MUR program, funded by the EU - NGEU.

History

Email Address of Submitting Author

francesco.pagano@dibris.unige.it

ORCID of Submitting Author

0000-0003-1485-0068

Submitting Author's Institution

University Of Genova

Submitting Author's Country

  • Italy
