Abstract: Mobile devices are being deployed rapidly for both private and professional reasons. One area that has been growing is the release of healthcare applications into the mobile marketplaces for health management. These applications help individuals track their own biorhythms and contain sensitive information. This case study examines the source code of mobile applications released to GitHub for the Risk of Insufficient Cryptography in the Top Ten Mobile Open Web Application Security Project (OWASP) risks. We first develop and justify a mobile OWASP Cryptographic knowledge-graph for detecting security weaknesses specific to mobile applications, which can be extended to other domains involving cryptography. We then analyze the source code of 203 open source healthcare mobile applications and report on their usage of cryptography in the applications. Our findings show that none of the open source healthcare applications correctly applied cryptography in all elements of their applications. As humans adopt healthcare applications for managing their health routines, it is essential that they consider the privacy and security risks they are accepting when sharing their data. Furthermore, many open source applications and developers have certain environmental parameters which do not mandate adherence to regulations. In addition to creating new free tools for security risk identification during software development, such as standalone or compiler-embedded tools, the article suggests awareness and training modules for developers prior to marketplace software release.
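Abstract: To address the various security problems that web platforms face during development and operation, this paper takes the perspective of building and running a secure website and examines how to construct a secure runtime environment for the site and provide secure system services. It proposes that the main content of OWASP (The Open Web Application Security Project) be consulted during website development, and it studies various security detection mechanisms. Applying these methods can help developers avoid many defects during program development, reduce the operational risk of the program, and establish effective security mechanisms during website development.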