[owasp_seraphimdroid_project] Mobile antivirus epic fail and how SeraphimDroid & ZAP can help

Nikola Milosevic nikola.milosevic86 at gmail.com
Mon Sep 19 11:57:37 UTC 2016


Hello Johanna,


Sorry for the quite late reply. The things you stated and the research you
mentioned are quite interesting and probably quite a good field in which to
promote ourselves. However, ZAP is definitely better suited for
testing apps. We can do some heuristics and scans, but on the app side we
are unable to scan code and find most of the issues from the OWASP Mobile Top
10. What we most definitely should do is make the app secure. If we can also do
some basic scans for insecure apps, that is also quite a good idea for some
future development. Thank you for sharing the article; also, if you have
further ideas for the Seraphimdroid side, I am happy to listen.





Best regards,

Nikola Milošević

On 15 September 2016 at 20:44, johanna curiel curiel <
johanna.curiel at owasp.org> wrote:

> Hi Zap and Seraphimdroid team
>
> Recently I wrote an article regarding the security of mobile antivirus:
> http://techbeacon.com/mobile-antivirus-introduces-vulnerability-how-devops-could-have-stopped-mess
>
> Many OWASP resources and projects are actually mentioned as resources for
> a proper development lifecycle, ZAP among others.
>
> I'm conducting research on the automation of app security testing, and one
> of the apps I will be testing is Seraphimdroid.
>
> I'll be using ZAP for testing certain areas of the application and
> ZEST scripts.
>
> @Seraphimdroid team: I think, based on the mobile fiasco, if
> SeraphimDroid enhances its security testing, patching the issues found,
> including a Bug Bounty program, we will have a more secure app than any
> anti-virus and for free ;-P
>
> Right now I have a draft of the areas where ZAP helps in testing mobile apps:
> https://docs.google.com/document/d/1PdkvNh0SOy5fSIcmkuDMNCNxvlKRpdFseFX_lnoJUfg/edit?usp=sharing
>
> If you have any ideas, feel free to give feedback.
>
>
> Johanna Curiel