A Web Crawling-Based Process and a Graph-Based Database for Mobile Vulnerability Analysis
摘要
The increasing availability of security-related data on the Web requires efficient and scalable approaches for data integration and analysis. In the context of software security, a holistic methodology that combines multiple data sources is essential to understand evolving threats. This paper presents a novel web crawling-based process designed to systematically retrieve and integrate security-related information from multiple vulnerability data repositories. This process has been leveraged to build G-MAWD, a Graph-based Mobile Application Vulnerability and Weakness Database, that we show to be effective for analyzing web-related security risks in mobile applications, including vulnerabilities in WebView, WKWebView, and authentication mechanisms such as OAuth and JWT. By enabling large-scale security analysis through flexible querying and relationship exploration, this approach highlights the potential of distributed web crawling and graph-based modeling to advance security research and improve software quality.