Application Security Analysis Mobile Commerce With Mobile Security Framework (MOBSF) and OWASP Mobile Application Security Testing Guide (MASTG)

Authors

  • Eri Rustamaji, UIN Syarif Hidayatullah Jakarta
  • Shaqila Erbeliza, UIN Syarif Hidayatullah Jakarta
  • Elsy Rahajeng, UIN Syarif Hidayatullah Jakarta
  • Nuryasin Nuryasin, UIN Syarif Hidayatullah Jakarta
  • Oshid Akbar Pratama, UIN Syarif Hidayatullah Jakarta

Abstract

Information technology is developing very rapidly, and the use of mobile devices is one part of that growth. In recent years, the use of mobile applications has increased across many areas of life in Indonesian society. However, cyber crimes such as data leaks are also increasing in Indonesia. One example is a case of data theft from mobile commerce applications in Indonesia, in which as many as 91 million user data records were illegally traded by hackers on Dark Web sites. Jakmall's mobile commerce application also stores sensitive user data, such as email, passwords, addresses, telephone numbers and account numbers, for use in its business processes. The purpose of this study is to analyze and identify security vulnerabilities or loopholes that could harm providers and users of the Android-based Jakmall mobile commerce application, using the Mobile Security Framework (MOBSF) and the OWASP Mobile Application Security Testing Guide (MASTG). The research was carried out in 5 (five) stages: Preparation, Intelligence Gathering (data collection), Mapping the Application (mapping vulnerabilities), Exploitation, and Reporting. The study found that the Jakmall mobile commerce application has security gaps in the Data Storage area, under parameter MSTG-STORAGE-5, and in the Authentication Architectures area, under parameters MSTG-AUTH-5 and MSTG-AUTH-6.

Published

2026-04-30

Section

Articles