dc.creator | Ramírez López, Francisco José | es |
dc.creator | Varela Vaca, Ángel Jesús | es |
dc.creator | Ropero Rodríguez, Jorge | es |
dc.creator | Luque Rodríguez, Joaquín | es |
dc.creator | Carrasco Muñoz, Alejandro | es |
dc.date.accessioned | 2024-01-04T09:34:33Z | |
dc.date.available | 2024-01-04T09:34:33Z | |
dc.date.issued | 2019-12 | |
dc.identifier.citation | Ramírez López, F.J., Varela Vaca, Á.J., Ropero Rodríguez, J., Luque Rodríguez, J. and Carrasco Muñoz, A. (2019). A framework to secure the development and auditing of SSL pinning in mobile applications: The case of android devices. Entropy, 21 (12), Article number 1136. https://doi.org/10.3390/e21121136. | |
dc.identifier.issn | 1099-4300 | es |
dc.identifier.uri | https://hdl.handle.net/11441/152937 | |
dc.description | Article number 1136 | es |
dc.description.abstract | The use of mobile devices has undergone rapid growth in recent years. However, on some occasions, security has been neglected when developing applications. SSL/TLS has been used for years to secure communications although it is not a vulnerability-free protocol. One of the most common vulnerabilities is SSL pinning bypassing. This paper first describes some security controls to help protect against SSL pinning bypassing. Subsequently, some existing methods for bypassing are presented and two new methods are defined. We performed some experiments to check the use of security controls in widely used applications, and applied SSL pinning bypassing methods. Finally, we created an applicability framework, relating the implemented security controls and the methods that are applicable. This framework provides a guideline for pentesters and app developers. | es |
dc.description.sponsorship | Ministerio de Ciencia y Tecnología (España) RTI2018-094283-B-C33 | es |
dc.format | application/pdf | es |
dc.format.extent | 19 p. | es |
dc.language.iso | eng | es |
dc.publisher | MDPI AG | es |
dc.relation.ispartof | Entropy, 21 (12), Article number 1136. | |
dc.rights | Attribution 4.0 International | * |
dc.rights.uri | http://creativecommons.org/licenses/by/4.0/ | * |
dc.subject | SSL pinning | es |
dc.subject | Security | es |
dc.subject | Mobile applications | es |
dc.subject | Android | es |
dc.subject | Auditing | es |
dc.subject | Vulnerabilities | es |
dc.subject | OWASP | es |
dc.title | A framework to secure the development and auditing of SSL pinning in mobile applications: The case of android devices | es |
dc.type | info:eu-repo/semantics/article | es |
dcterms.identifier | https://ror.org/03yxnpp24 | |
dc.type.version | info:eu-repo/semantics/publishedVersion | es |
dc.rights.accessRights | info:eu-repo/semantics/openAccess | es |
dc.contributor.affiliation | Universidad de Sevilla. Departamento de Tecnología Electrónica | es |
dc.contributor.affiliation | Universidad de Sevilla. Departamento de Lenguajes y Sistemas Informáticos | es |
dc.relation.projectID | RTI2018-094283-B-C33 | es |
dc.relation.publisherversion | https://www.mdpi.com/1099-4300/21/12/1136 | es |
dc.identifier.doi | 10.3390/e21121136 | es |
dc.journaltitle | Entropy | es |
dc.publication.volumen | 21 | es |
dc.publication.issue | 12 | es |
dc.publication.initialPage | Article number 1136 | es |
dc.contributor.funder | Junta de Andalucía | es |
dc.contributor.funder | European Commission (EC). Fondo Europeo de Desarrollo Regional (FEDER) | es |