Android App Security Testing with SAST
Blog post from GitLab
GitLab's integration of Mobile Static Application Security Testing (SAST) in version 13.5, developed with the help of the H-E-B Digital team, brings security analysis to mobile applications: iOS apps written in Objective-C and Swift, and Android apps written in Java and Kotlin. SAST analyzes source code for known vulnerability classes, such as SQL injection and unintended code execution, by detecting dangerous attributes or unsafe code patterns before the application is built or shipped.

The integration uses the Mobile Security Framework (MobSF) to scan source code against predefined security rules, which contributors can extend or customize. GitLab encourages contributions not only to its own platform but also to the open-source projects it builds on, and the design is extensible: additional scanners can be wired into the merge request pipeline and surfaced in the security dashboards alongside the existing results.

Future plans include support for binary scanning of .ipa and .apk files, with the goal of enhancing the security of Android applications.
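The pipeline configuration below is an added example, not taken from the GitLab post, showing how a project would opt into the MobSF-based mobile SAST scan described above. It assumes the standard `Security/SAST.gitlab-ci.yml` template and the `SAST_EXPERIMENTAL_FEATURES` variable that gated the MobSF analyzer when it shipped in 13.5; the `build` stage and the `assembleDebug` Gradle task are placeholders for the project's own build.

```yaml
# .gitlab-ci.yml (added example; assumes GitLab 13.5 or later)
stages:
  - build
  - test

include:
  # Pulls in the SAST job template, which runs the analyzers that match
  # the languages found in the repository (Java/Kotlin -> MobSF for mobile).
  - template: Security/SAST.gitlab-ci.yml

variables:
  # MobSF was an experimental analyzer in 13.5; this flag enables it.
  SAST_EXPERIMENTAL_FEATURES: "true"
  # Keep the scan focused on source: build output and vendored code only add noise.
  SAST_EXCLUDED_PATHS: "build/, .gradle/, vendor/"

build:
  stage: build
  # Placeholder Android build step; the SAST job scans source, not this output.
  script:
    - ./gradlew assembleDebug
```

The SAST job runs in the `test` stage, so it executes on every merge request and its findings appear in the merge request widget and the project's Security Dashboard; because the 13.5 analyzer works on source only, an `.apk` or `.ipa` produced by the build stage is not inspected.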