Developers at the social networking site LinkedIn have released a first test version of an analysis tool for testing the security of an Android app. The software also describes the potential risks of the vulnerabilities it finds.
LinkedIn calls the tool QARK and offers the software under an open source license. With QARK, developers can find vulnerabilities in Java applications for Android, such as weak encryption or private keys in the source code. For each danger found, they see a description of what is wrong. QARK also points to sources where they can read what can be done about it.
To check whether the vulnerabilities can actually be exploited, QARK generates adb commands that can be used for that purpose. The tool also creates a test application with which vulnerabilities in the Android app can be demonstrated, writes LinkedIn security researcher Tony Trummer.
Despite the automation of finding vulnerabilities, Trummer recommends that organizations still carry out manual security audits. According to him, there are always undiscovered vulnerabilities that can be exploited. In addition, server-side APIs still need to be examined and, logically enough, "no tool is perfect."
The LinkedIn developers say they will be doing a lot more work on QARK in the near future. They want to reduce the number of false positives and false negatives. They also want the tool to automatically test the programs that QARK generates for vulnerabilities. Finally, they are working on support for Windows, as for now QARK only runs on Mac and Linux.