
SEBASTiAn: a Static and Extensible Black-box Application Security Testing tool for iOS and Android applications
Francesco Pagano, Andrea Romdhana, Davide Caputo, Luca Verderame, Alessio Merlo
University of Genoa

Corresponding author: Francesco Pagano ([email protected])

Abstract

Despite decades of research effort, the automatic detection of vulnerabilities in mobile apps remains an open challenge. Among the possible approaches, SAST tools uncover security flaws in source or compiled code without needing the app to be executed and tested in a controlled environment. However, SAST tools share several limitations, such as coverage of only a narrow set of vulnerability classes, a lack of updates, and no resilience to obfuscation techniques. This paper presents SEBASTiAn, a black-box automatic static analysis tool for the security vetting of Android and iOS apps. It relies on a modular approach so that new vulnerability classes can be added as they emerge. SEBASTiAn achieves better results than state-of-the-art tools and demonstrates resilience to obfuscation techniques.
Published July 2023 in SoftwareX, volume 23, article 101448. DOI: 10.1016/j.softx.2023.101448