Publisher: Academy of Criminalistic and Police Studies, Belgrade
Abstract: To achieve a satisfactory level of security of an information system, different system and application methods are applied. The paper focuses on general aspects of application IT security, giving an overview of security methods applied to web and mobile applications. According to the OWASP report, the most common web vulnerabilities include SQL Injection and Cross-site Scripting attacks. The paper also emphasizes the role of code analysis tools, which contribute to the detection of vulnerabilities in the analyzed application. In the context of mobile applications, the Android operating system is especially featured, as one of the most commonly used. The necessary environment and tools for testing the security of Android applications are elaborated, vulnerabilities are highlighted, and a greater number of security recommendations are offered. In the field of application security, some of the newer solutions are shown, such as the RASP approach. The paper particularly emphasizes the importance of security testing of applications, with an accent on the testing phase. Finally, in addition to the previously explained application of security methods, an overview of security methods of a general character is given.
Keywords: web applications; mobile applications; security; Android; OWASP; RASP; code analysis tools; security testing