Toward discovering and exploiting private server-side Web API
Most of the interfaces for mobile application and server interaction use the Web API for communication,but the Web API introduced by these mobile applications may introduce new security issues.To facilitate the study of the security of Web API,a system for automatically discovering the server-side W...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2016-12-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.infocomm-journal.com/cjnis/CN/10.11959/j.issn.2096-109x.2016.00134 |
| _version_ | 1811232714309763072 |
|---|---|
| author | Jia CHEN Shan-qing GUO |
| author_facet | Jia CHEN Shan-qing GUO |
| author_sort | Jia CHEN |
| collection | DOAJ |
| description | Most of the interfaces for mobile application and server interaction use the Web API for communication,but the Web API introduced by these mobile applications may introduce new security issues.To facilitate the study of the security of Web API,a system for automatically discovering the server-side Web API interface in APK files based on the conventional Android program testing framework was designed and implemented.This system can help to develop the research on private server-side Web API interface security. |
| first_indexed | 2024-04-12T11:07:42Z |
| format | Article |
| id | doaj.art-4208b126ab074798ac855c0c730c2124 |
| institution | Directory Open Access Journal |
| issn | 2096-109X |
| language | English |
| last_indexed | 2024-04-12T11:07:42Z |
| publishDate | 2016-12-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj.art-4208b126ab074798ac855c0c730c21242022-12-22T03:35:41ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2016-12-01212273810.11959/j.issn.2096-109x.2016.00134Toward discovering and exploiting private server-side Web APIJia CHEN0Shan-qing GUO1School of Computer Science and Technology,Shandong University,Jinan 250101,ChinaSchool of Computer Science and Technology,Shandong University,Jinan 250101,China ;Key Laboratory of Cryptologic Technology and Information Security,Ministry of Education,Shandong University,Jinan 250101,ChinaMost of the interfaces for mobile application and server interaction use the Web API for communication,but the Web API introduced by these mobile applications may introduce new security issues.To facilitate the study of the security of Web API,a system for automatically discovering the server-side Web API interface in APK files based on the conventional Android program testing framework was designed and implemented.This system can help to develop the research on private server-side Web API interface security.http://www.infocomm-journal.com/cjnis/CN/10.11959/j.issn.2096-109x.2016.00134web apiandroid appstatic analysisdynamic analysis |
| spellingShingle | Jia CHEN Shan-qing GUO Toward discovering and exploiting private server-side Web API 网络与信息安全学报 web api android app static analysis dynamic analysis |
| title | Toward discovering and exploiting private server-side Web API |
| title_full | Toward discovering and exploiting private server-side Web API |
| title_fullStr | Toward discovering and exploiting private server-side Web API |
| title_full_unstemmed | Toward discovering and exploiting private server-side Web API |
| title_short | Toward discovering and exploiting private server-side Web API |
| title_sort | toward discovering and exploiting private server side web api |
| topic | web api android app static analysis dynamic analysis |
| url | http://www.infocomm-journal.com/cjnis/CN/10.11959/j.issn.2096-109x.2016.00134 |
| work_keys_str_mv | AT jiachen towarddiscoveringandexploitingprivateserversidewebapi AT shanqingguo towarddiscoveringandexploitingprivateserversidewebapi |