The increasing availability of security-related data on the Web requires efficient and scalable approaches for data integration and analysis. In the context of software security, a holistic methodology that combines multiple data sources is essential to understand evolving threats. This paper presents a novel web crawling-based process designed to systematically retrieve and integrate security-related information from multiple vulnerability data repositories. This process has been leveraged to build G-MAWD, a Graph-based Mobile Application Vulnerability and Weakness Database, that we show to be effective for analyzing web-related security risks in mobile applications, including vulnerabilities in WebView, WKWebView, and authentication mechanisms such as OAuth and JWT. By enabling large-scale security analysis through flexible querying and relationship exploration, this approach highlights the potential of distributed web crawling and graph-based modeling to advance security research and improve software quality.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A Web Crawling-Based Process and a Graph-Based Database for Mobile Vulnerability Analysis

  • Domenico Amalfitano,
  • Andrea Abbate,
  • Damiano Distante,
  • Antonio M. Rinaldi,
  • Cristiano Russo,
  • Cristian Tommasino

摘要

The increasing availability of security-related data on the Web requires efficient and scalable approaches for data integration and analysis. In the context of software security, a holistic methodology that combines multiple data sources is essential to understand evolving threats. This paper presents a novel web crawling-based process designed to systematically retrieve and integrate security-related information from multiple vulnerability data repositories. This process has been leveraged to build G-MAWD, a Graph-based Mobile Application Vulnerability and Weakness Database, that we show to be effective for analyzing web-related security risks in mobile applications, including vulnerabilities in WebView, WKWebView, and authentication mechanisms such as OAuth and JWT. By enabling large-scale security analysis through flexible querying and relationship exploration, this approach highlights the potential of distributed web crawling and graph-based modeling to advance security research and improve software quality.