
Android Security Score Release!

It’s been a while since my last post and many things have changed. I’ve started a new job at an awesome place, moved to New York City, learned a ton, and even made a second Android app.

It’s called (after much deliberation) Android Security Score and it does some stuff I haven’t seen other security apps do. It analyzes all the installed apps as well as all important security settings of an Android device. It then gives the user a simple score (A-F) that a person can use to get an idea of where their device is in terms of security.

Here’s some other stuff it does:

  1. Shows the user the permissions each app requests
  2. Gives advice on how to make their device more secure and improve their score
  3. Lists potentially dangerous third-party apps
  4. Detects whether the device is rooted
  5. Shows apps that are old and out of date
  6. And several other things I can’t think of right now

It can be downloaded from https://play.google.com/store/apps/details?id=com.device.security.analytics.androidsecurityanalyticspro

And if you want the PRO version, which includes a handy dandy PDF report of all your results, you can get it from this here link.

Without further ado, here are some screenshots.

If you have any ideas for improvement or features you’d like to see, please let me know!

[Four screenshots of the app]


Thesis approved for publishing!

My thesis on “Eliminating SQL Injection and Cross Site Scripting Using Aspect Oriented Programming” (I know, it’s a mouthful) has been approved for publishing!

Click this to download if you’re interested in the whole thing.

If anyone wants to discuss it, feel free to contact me. I’d love to hear your ideas.

I hope to further develop it to mitigate some of the other items in the OWASP top 10 in the near future and port it out to a few other programming languages besides Java.

Abstract:

Cross-site scripting (XSS) and SQL injection are two of the most common vulnerabilities found in applications. According to a study done by the Web Application Security Consortium (WASC) on 12,186 web applications, the percentage of sites with these vulnerabilities is 38 and 13 percent, respectively [3]. The fundamental reason these vulnerabilities exist in web applications is critical design flaws, which lead to security issues across entire projects. It is typical in the case of web applications that developers continue to write insecure code and only fix these issues when they are noticed or become a problem [4]. Using Aspect Oriented Programming (AOP), modules can be created to address these security vulnerabilities across an entire application without modifying existing source code. This paper will explain in detail how the use of AOP, and AspectJ in particular, can be leveraged to create a tool for eliminating these two major security vulnerabilities in open source Java web applications. A tool that successfully eliminates these vulnerabilities would lead to a significant improvement in web application security by uncovering fundamental design flaws, providing sanity checks for programmers and architects, and making applications compliant with the PCI DSS Standard with respect to XSS and SQL Injection.
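To make the abstract's "without modifying existing source code" idea concrete, here is an added AspectJ sketch. It is not code from the thesis. It shows one aspect that audits every place an application passes a SQL string to a plain `Statement`. The aspect name `DynamicSqlAudit`, the logger name and the `sqlaudit.block` system property are assumptions made for this example.

```java
import java.sql.SQLException;
import java.util.logging.Logger;

/**
 * Added illustration (hypothetical, not the thesis tool): woven into an
 * existing application with ajc, this aspect reports every call site that
 * executes a SQL string through java.sql.Statement instead of binding
 * parameters on a PreparedStatement.
 */
public aspect DynamicSqlAudit {
    private static final Logger LOG = Logger.getLogger("sql-audit");

    // Assumed switch: -Dsqlaudit.block=true rejects the call instead of only logging.
    private static final boolean BLOCK = Boolean.getBoolean("sqlaudit.block");

    // execute(String), executeQuery(String), executeUpdate(String, ...) and so on,
    // matched at the caller so the JDBC driver itself does not need weaving.
    pointcut dynamicSql(String sql):
        call(* java.sql.Statement.execute*(String, ..))
        && args(sql, ..)
        && !within(DynamicSqlAudit);

    before(String sql) throws SQLException: dynamicSql(sql) {
        // File and line of the calling code, recorded by the weaver.
        String site = String.valueOf(thisJoinPointStaticPart.getSourceLocation());
        int length = (sql == null) ? 0 : sql.length();

        // Log the location and size only; the SQL text may contain user data.
        LOG.warning("SQL string (" + length + " chars) executed via Statement at "
                + site + "; use PreparedStatement with bound parameters");

        if (BLOCK) {
            throw new SQLException("Dynamic SQL blocked by DynamicSqlAudit at " + site);
        }
    }
}
```

The aspect cannot tell a constant query from a concatenated one, so its log is a review list of call sites rather than a list of confirmed injection points.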
