Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Mobile Application Tool Testing
[SAMATE Home | IntrO TO SAMATE | SARD | SATE | Bugs Framework | Publications | Tool Survey | Resources]
Introduction
Mobile applications play an important role in today's business and government, as well as becoming ever more entrenched in our personal daily lives. Mobile applications differ from the traditional world of computing not only because they are 'always on' but also they are 'always on us.' Whether they are accessing our bank accounts or using a GPS location to find a nearby restaurant, their unprecedented access to data greatly affects our lives. Vulnerabilities in mobile applications stand to expose, damage, or destroy this vital data. The Mobile Application Tool Testing project seeks to understand and evaluate tools and services that identify vulnerabilities in mobile applications.
Project Motivation
As mobile application increase in use in the public and private sector, processes for evaluating mobile applications for software vulnerabilities are becoming more commonplace. NIST defines the work flow for this process in NIST SP 800-163 Vetting the Security of Mobile Applications.
A key part of this process relies on the quality of the tools being used to detect vulnerabilities. This project seeks to further the state of these technologies by studying their capabilities and competencies.
Mobile Applications and Public Safety
In 2012, the US Government established the First Responder Network Authority (FirstNet), with the goal of establishing and maintaining the nations' first public safety broadband network. FirstNet began its network roll-out in 2017. FirstNet will foster the adoption of mobile applications for use by public safety officials. These applications will have higher requirements for security that applications utilized by the general public. The Mobile Application Tool Testing project works closely with another NIST research group, Public Safety Communications Research (PSCR) to identify how mobile application vetting technologies can be used to help secure public safety mobile applications
Project Publications
Mobile Application Security Exercise (MASE): Final Report
The goal of the Mobile Application Security Exercise (MASE) Project is to gain a better understanding of the state-of-the-art in mobile application vetting tools. To achieve this goal, the following activities were undertaken:
- Identify a list of mobile application vetting service features (capabilities) that can be used to describe the analysis capabilities of vetting services.
- Perform a preliminary and informal analysis of the mobile application analysis conducted by participating tools to gain a better understanding of the uniformity and/or cohesiveness of mobile application vetting service features among the participants.
Relevant Resources
- Public Safety Mobile Application Security Requirements Workshop Summary, January 2015, NIST IR 8018, DOI 10.6028/NIST.IR.8018
- Identifying and Categorizing Data Types for Public Safety Mobile Applications Workshop Report, June 2016, NIST IR 8135, DOI 10.6028/NIST.IR.8135