56 lines
2.5 KiB
Plaintext
56 lines
2.5 KiB
Plaintext
|
To cite the use of this application, please use
|
||
|
|
||
|
Achim D. Brucker and Michael Herzberg. On the Static Analysis of
|
||
|
Hybrid Mobile Apps: A Report on the State of Apache Cordova
|
||
|
Nation. In International Symposium on Engineering Secure Software
|
||
|
and Systems (ESSoS). Lecture Notes in Computer Science (9639), pages
|
||
|
72-88, Springer-Verlag, 2016. doi: :10.1007/978-3-319-30806-7_5
|
||
|
|
||
|
A BibTeX entry for LaTeX users is
|
||
|
|
||
|
@InCollection{ brucker.ea:cordova-security:2016,
|
||
|
author = {Achim D. Brucker and Michael Herzberg},
|
||
|
booktitle = {International Symposium on Engineering Secure Software and
|
||
|
Systems (ESSoS)},
|
||
|
language = {USenglish},
|
||
|
editor = {Juan Caballero and Eric Bodden},
|
||
|
publisher = {Springer-Verlag},
|
||
|
pages = {72--88},
|
||
|
talk = {talk:brucker.ea:cordova-security:2016},
|
||
|
address = {Heidelberg},
|
||
|
series = {Lecture Notes in Computer Science},
|
||
|
number = {9639},
|
||
|
title = {On the Static Analysis of Hybrid Mobile Apps: A Report on
|
||
|
the State of Apache Cordova Nation},
|
||
|
year = {2016},
|
||
|
isbn = {978-3-642-11746-6},
|
||
|
classification= {conference},
|
||
|
areas = {security, software},
|
||
|
public = {yes},
|
||
|
doi = {10.1007/978-3-319-30806-7_5},
|
||
|
pdf = {https://www.brucker.ch/bibliography/download/2016/brucker.ea-cordova-security-2016.pdf},
|
||
|
abstract = {Developing mobile applications is a challenging business:
|
||
|
developers need to support multiple platforms and, at the
|
||
|
same time, need to cope with limited resources, as the
|
||
|
revenue generated by an average app is rather small. This
|
||
|
results in an increasing use of cross-platform development
|
||
|
frameworks that allow developing an app once and offering
|
||
|
it on multiple mobile platforms such as Android, iOS, or
|
||
|
Windows.
|
||
|
|
||
|
Apache Cordova is a popular framework for developing
|
||
|
multi-platform apps. Cordova combines HTML5 and JavaScript
|
||
|
with native application code. Combining web and native
|
||
|
technologies creates new security challenges as, e.g., an
|
||
|
XSS attacker becomes more powerful.
|
||
|
|
||
|
In this paper, we present a novel approach for statically
|
||
|
analysing the foreign language calls. We evaluate our
|
||
|
approach by analysing the top Cordova apps from Google
|
||
|
Play. Moreover, we report on the current state of the
|
||
|
overall quality and security of Cordova apps. },
|
||
|
keywords = {static program analysis, static application security
|
||
|
testing, Android, Cordova, hybrid mobile apps},
|
||
|
url = {https://www.brucker.ch/bibliography/abstract/brucker.ea-cordova-security-2016}
|
||
|
}
|