App Security Checker concept
Available in Classic and VPC
This page explains the concepts behind App Security Checker, including its diagnostic methods and diagnostic report, to help you understand and use the service.
App Vulnerability
Refers to security weaknesses in the source code, operation methods, and the like of a mobile app.
App Security Checker currently examines vulnerabilities in the following 6 fields.
- Unsafe component implementation
- Risk of sensitive information disclosure
- Insecure build settings
- Unsafe SSL implementation
- Use of insecure encryption
- Null pointer dereference
The vulnerability diagnosis criteria will continue to be updated. For detailed information about the vulnerability diagnosis criteria, please refer to Service > Security > App Security Checker in the NAVER Cloud Platform portal.
OWASP vulnerability
In the App Security Checker diagnostic report, you can check 9 of the mobile app vulnerability Top 10 selected by the Open Web Application Security Project (OWASP).
- Vulnerabilities you can check: M1, M2, M3, M4, M5, M6, M8, M9, and M10
For detailed information about each vulnerability, please refer to the OWASP Mobile Top 10.
Diagnostic methods
App Security Checker performs a diagnosis as follows.
- Once you upload an Android app package in the apk or aab format, the diagnosis begins.
- It requests the Analyzer to examine the uploaded app package.
- The Analyzer analyzes the app package to discover vulnerabilities.
- It presents appropriate countermeasures against the detected vulnerabilities.
Diagnostic report
After the vulnerability diagnosis, you receive a report that consolidates the diagnostic results. The report includes diagnosis information, such as the diagnosis target and diagnosis time, along with the types, risk levels, and number of vulnerabilities. It also contains a detailed explanation of each discovered weakness, the location where it was found, and a detailed solution.
If you set a notification, you can check the diagnosis status by email or by SMS on your cell phone. You can also access the console to check the diagnostic report.
You can view sample diagnostic reports in the NAVER Cloud Platform portal. For further information, please refer to Service > Security > App Security Checker.