摘要:Recently, security-breach accidents have become a hot issue. It causes enormous financial losses andinduces damage due to leakage of personal information of individuals. Security vulnerabilities appear inmobile applications as well, and serious problem about the leakage of sensitive information has alsoemerged. To overcome the security weaknesses, a method which improve the security at the source codelevel is the most effective way rather than to strengthen the security system from the external environment.In order to detect the security weaknesses at the source code level, it is necessary to have each analysisengine for the each rule of specific security weakness. In this paper, we propose pattern descriptionlanguage which describe the security weaknesses as a pattern to detect the weaknesses in source code levelstatically. We wrote 47 security weaknesses from Ministry of Public Administration and Security and KoreaInternet Security Agency as patterns and experimented on open sources which are written in Android Javaand Objective-C.
