Vulnerability Assessment of Mobile Financial Service Applications In Bangladesh

dc.contributor.author Rahman, Tanvir
dc.contributor.author Mehnaz, Tasnuva
dc.contributor.author Durjoy, Mahbubur Rahman
dc.date.accessioned 2023-03-16T09:23:09Z
dc.date.available 2023-03-16T09:23:09Z
dc.date.issued 2022-05-30
dc.identifier.uri http://hdl.handle.net/123456789/1778
dc.description Supervised by Mr. Ashraful Alam Khan, Asst. Professor; Co-Supervisors: Mr. S.M. Sabit Bananee and Mr. Imtiaj Ahmed Chowdhury, Lecturer, Department of Computer Science and Engineering (CSE), Islamic University of Technology (IUT), Board Bazar, Gazipur-1704, Bangladesh. This thesis is submitted in partial fulfillment of the requirements for the degree of Bachelor of Science in Computer Science and Engineering, 2022. en_US
dc.description.abstract In the era of the internet and the smartphone, digital financial transaction services make people's lives easier. In Bangladesh there are several prominent Mobile Financial Service (MFS) provider companies serving customers. Companies launch Android and iOS applications to make this service more reachable to their clients. These applications help people purchase, pay or transfer money with the smartphone they carry in their hand. During development, coding flaws, logical errors, misconfiguration or vulnerable architectural design in applications could lead to compromise of the system. Security is therefore the main concern here, to keep clients' money safe. This study analyzes the vulnerability level of the top five Mobile Financial Service (MFS) applications available in Bangladesh. Popular scanning tools like Mobile Security Framework (MobSF), QUIXXI and Immuniweb are used for the analysis, following the Open Source Web Application Project (OWASP) Mobile Application Security Verification Standard (MASVS). After analysis and comparison, the reports from the selected tools are merged and the application-level vulnerabilities are broken down. Among the common issues found in almost every application, the percentage of high-risk issues is alarming. This indicates a concern for the organizations, both in defending against cyber attacks and in the risk of losing reputation. en_US
dc.language.iso en en_US
dc.publisher Department of Computer Science and Engineering (CSE), Islamic University of Technology (IUT), Board Bazar, Gazipur, Bangladesh en_US
dc.subject MFS, MobSF, QUIXXI, Immuniweb en_US
dc.title Vulnerability Assessment of Mobile Financial Service Applications In Bangladesh en_US
dc.type Thesis en_US

