Mobile Application Security Penetration Testing Based on OWASP

Abstract

Evolution of smartphones and smart devices affected one of the most used operating systems on smartphones and smart device is Android. Android growth with fast and affected the growth of applications used by that operating system. That application developed by many developers and can be downloadable on the play store. besides the benefits and features that operating systems are given and support from the application can affect security to users. The purpose of this research is to know vulnerability and technics that used to find a vulnerability in Android operating systems and Android applications. In addition, to give recommendations and prevention from the vulnerability. Technics and methods that used based on research from the OWASP Foundation consisting of 10 main vulnerability in Android application that is improper platform usage, insecure data storage, insecure communication, insecure authentication, insufficient cryptography, insecure authorization, client code quality, code tampering, reverse engineering, and extraneous functionality. The results from testing of five applications downloaded from Play Store. 4 application have vulnerability based on OWASP Mobile Top Ten documentation. The OWASP documentation can give an illustration of the vulnerability that most found in Android applications from the market.