App Security Checker concept

    Available in Classic and VPC

    This page explains the concepts behind App Security Checker, including its diagnostic methods and diagnostic report, to help you understand and use the service with ease.

    App Vulnerability

    App vulnerabilities are the security weaknesses that exist in the source code, operation methods, and so on of a mobile app.
    App Security Checker currently examines vulnerabilities in the following 6 fields.

    • Unsafe component implementation
    • Risk of sensitive information disclosure
    • Insecure build settings
    • Unsafe SSL implementation
    • Use of insecure encryption
    • Null pointer dereference

    The vulnerability diagnosis criteria will continue to be updated. For detailed information about the vulnerability diagnosis criteria, refer to Service > Security > App Security Checker in the NAVER Cloud Platform portal.

    OWASP vulnerability

    Using App Security Checker, you can check 9 of the mobile app vulnerability Top 10 selected by the Open Web Application Security Project (OWASP) in the diagnostic report.

    • Vulnerabilities you can check: M1, M2, M3, M4, M5, M6, M8, M9, and M10

    For detailed information about each vulnerability, refer to OWASP Mobile Top 10.

    Diagnostic methods

    App Security Checker runs a diagnosis as follows.

    • Once you upload an app package for Android in the apk or aab format, the diagnosis begins.
    • App Security Checker requests the Analyzer to examine the uploaded app package.
    • The Analyzer analyzes the app package to discover vulnerabilities.
    • App Security Checker presents appropriate countermeasures against the detected vulnerabilities.

    Diagnostic report

    After the vulnerability diagnosis, you receive a report that consolidates the diagnostic results. The report includes diagnosis information, such as the diagnosis target and diagnosis time, along with the types, risk levels, and number of vulnerabilities. It also contains a detailed explanation of each discovered weakness, the location where it was found, and a detailed solution.
    If you set a notification, you can check the diagnosis status by email or cell phone SMS. You can also access the console to check the diagnostic report.

    Note

    You can view sample diagnostic reports in the NAVER Cloud Platform portal. For further information, refer to Service > Security > App Security Checker.

