Assessment of National Crime Reporting System: Detailed Analysis of the Desktop Application

Abstract

Numerous standards and codes of best practice recommend the implementation of security practices since the early stages of the application development process. Commonly known as ‘security-as-default’, these practices consist of coding while keeping security in mind to start addressing threats and vulnerabilities before integrating security measures becomes too laborious. Hence, these best practices lead to cleaner and safer code. An effective way to find out whether the application is secure is by performing source code analyses. These analyses report weaknesses in the code once run against a predefined set of rules. Consequently, developers can detect and correct these issues, preventing the application from future exploits. A static source code analysis was performed to assess a National Crime Reporting System for a Latin American country’s National Police. The system is comprised of three modules: the mobile app, the desktop app, and the backend service. This paper focuses on the assessment of the desktop module.