Security analysis of real-time communication in mobile applications
Author: | Mrša, Josipa |
---|---|
Contributors: | Zaharija, Goran; Mladenović, Saša; Krpan, Divna |
Language: | Croatian |
Year of publication: | 2021 |
Subject: | |
Description: | With the rapid advancement of technology, the complexity of maintaining large information systems grows, above all in terms of keeping them secure. A system outage, data loss or data theft is a far riskier event today than in the past: with a poorly designed and unprotected system, a company can lose a great deal financially and in reputation. Alongside a high-quality service, it is therefore necessary to provide an equally high-quality defense mechanism for the system that delivers it. This thesis examines the security problems of real-time communication over the WebSocket protocol, a protocol designed for real-time communication, implemented here as a mobile application for direct messaging. The application's security was analysed by means of penetration tests. Penetration testing refers to an attempt to evaluate an IT infrastructure by exploiting its vulnerabilities in a controlled, safe way. Because mobile applications are used in so many areas of life, they must have sound defensive mechanisms. In designing such tests, OWASP (Open Web Application Security Project), a non-profit organization dedicated to improving the security of web and mobile software, is invaluable, and this test was guided by its materials on testing the security of the WebSocket protocol. The test results showed the seriousness of the WebSocket protocol's security problems, and also pointed to the need to use the secure version of the communication protocol, good practice, and proven defense mechanisms. |
Database: | OpenAIRE |
External link: |
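The abstract above mentions that the penetration test followed OWASP's WebSocket testing material and concluded that the secure protocol variant (wss://) and proven defenses are needed. The following is an added example, not code from the thesis or its application, of the server-side handshake checks that material calls for: refusing a plaintext ws:// transport, validating the Upgrade headers, and comparing the browser-supplied Origin against an allowlist to block cross-site WebSocket hijacking. The allowlist entry `https://chat.example.com`, the sample requests and the `tls` flag (assumed to be set by the TLS listener that accepted the connection) are all constructed for this example; the nonce is the one from RFC 6455 section 1.3.

```python
import base64
import binascii
import hashlib
from typing import Dict, Tuple

# RFC 6455 section 4.2.2: fixed GUID appended to the client key.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"

# Assumed allowlist for this example: the only web origin permitted to
# open a socket to the messaging backend.
ALLOWED_ORIGINS = {"https://chat.example.com"}


def accept_key(client_key: str) -> str:
    """Sec-WebSocket-Accept = base64(sha1(Sec-WebSocket-Key + GUID))."""
    digest = hashlib.sha1((client_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_handshake(raw: bytes) -> Tuple[str, Dict[str, str]]:
    """Split an HTTP/1.1 upgrade request into its request line and lower-cased headers."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def check_handshake(raw: bytes, tls: bool) -> Tuple[bool, str]:
    """Apply the handshake checks OWASP WSTG lists for WebSockets.

    Returns (accepted, detail): on success detail is the Sec-WebSocket-Accept
    value to send back, on failure it names the check that rejected the request.
    """
    request_line, h = parse_handshake(raw)
    if not tls:
        # ws:// carries every message in clear text; only accept wss://.
        return False, "plaintext transport (ws://); wss:// required"
    if not request_line.startswith("GET "):
        return False, "upgrade must be a GET request"
    if h.get("upgrade", "").lower() != "websocket" or "upgrade" not in h.get("connection", "").lower():
        return False, "missing Upgrade/Connection headers"
    if h.get("sec-websocket-version") != "13":
        return False, "unsupported Sec-WebSocket-Version"
    key = h.get("sec-websocket-key", "")
    try:
        if len(base64.b64decode(key, validate=True)) != 16:
            raise ValueError
    except (binascii.Error, ValueError):
        return False, "Sec-WebSocket-Key is not a 16-byte base64 nonce"
    origin = h.get("origin")
    if origin is None:
        return False, "missing Origin header"
    if origin not in ALLOWED_ORIGINS:
        # A page on another site can open a WebSocket with the victim's cookies;
        # the browser always reports that page's Origin, so an allowlist stops it.
        return False, "origin %s not allowed (cross-site WebSocket hijacking)" % origin
    return True, accept_key(key)


def handshake_response(raw: bytes, tls: bool) -> bytes:
    """Build the 101 Switching Protocols reply, or a 403 if any check failed."""
    ok, detail = check_handshake(raw, tls)
    if not ok:
        return b"HTTP/1.1 403 Forbidden\r\nConnection: close\r\nContent-Length: 0\r\n\r\n"
    return (
        "HTTP/1.1 101 Switching Protocols\r\n"
        "Upgrade: websocket\r\n"
        "Connection: Upgrade\r\n"
        f"Sec-WebSocket-Accept: {detail}\r\n\r\n"
    ).encode("ascii")


# Constructed sample handshakes; the key is the RFC 6455 section 1.3 example nonce.
GOOD_REQUEST = (
    b"GET /chat HTTP/1.1\r\n"
    b"Host: chat.example.com\r\n"
    b"Upgrade: websocket\r\n"
    b"Connection: Upgrade\r\n"
    b"Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
    b"Sec-WebSocket-Version: 13\r\n"
    b"Origin: https://chat.example.com\r\n\r\n"
)
# The same request issued by a page on another site: the browser sends that site's Origin.
HIJACK_REQUEST = GOOD_REQUEST.replace(
    b"Origin: https://chat.example.com", b"Origin: https://attacker.example"
)

if __name__ == "__main__":
    for name, req, tls in (("good/wss", GOOD_REQUEST, True),
                           ("good/ws", GOOD_REQUEST, False),
                           ("hijack/wss", HIJACK_REQUEST, True)):
        print(name, check_handshake(req, tls))
```

The Origin check only defends against browser-driven attacks, since a non-browser client can send any Origin it likes; it complements, and does not replace, authenticating the user before the upgrade and re-checking authorization on every message once the socket is open.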