Evaluating Compliance of the XYZ Ministry’s Android Messaging Applications with OWASP MASVS: A Comprehensive Case Study


Research field: Analysis



Conference: 2024 IEEE 2nd International Conference on Electrical Engineering, Computer and Information Technology (ICEECIT)


Abstract

Safeguarding the security of government communication tools is crucial for protecting sensitive information. This study presents a thorough case analysis that assesses the compliance of the XYZ Ministry's Android messaging app with the OWASP Mobile Application Security Verification Standard (MASVS). OWASP MASVS offers a robust framework for evaluating the security stance of mobile applications, encompassing vital areas such as data protection, authentication, and network security. The study applied the OWASP MASVS standard to the XYZ Ministry's messaging application using automated and manual testing approaches to gauge adherence to security standards. Specifically, the research concentrated on MASVS-NETWORK-2 security controls. The primary goal of this research was to uncover vulnerabilities, evaluate compliance, and put forth actionable recommendations for enhancing application security. The findings indicated that the tested application failed to meet two of the five test sections in MASVS-NETWORK-2. The recommended course of action is to modify the code in Network Security Settings to accept certificates from the system exclusively.


Author Profile
Grace Friscilla Margaretha Karo-Karo

Cybersecurity Engineering National Cyber and Crypto Polytechnic Bogor Indonesia

Andorra
Author Profile
Susila Windarta

Cybersecurity Engineering National Cyber and Crypto Polytechnic Bogor Indonesia

Andorra
Author Profile
Amiruddin

Cybersecurity Engineering National Cyber and Crypto Polytechnic Bogor Indonesia

Andorra

📄 Paper information

Publication year: 2024
Citations: 44
Country of publication: Andorra
Site: IEEE