移动应用安全防护能力评估方法研究

Research on evaluation method of mobile application security protection capability

主要从探索移动应用安全威胁的趋势出发,首先研究了国内外针对移动应用安全防护能力问题的基本实践和做法;然后,总结了移动应用开发基本流程及各阶段所应该具备的安全能力要素,并依据相应技术手段实现所能达到的安全强度划分了安全等级,形成了移动应用安全防护能力评估框架和评估方法;最后,提出了提升行业移动应用安全防护能力的对策建议,有助于推动建立移动应用安全生态圈。

Based on the trend of the mobile application security thread, this paper studies the basic practice of mobile application security protection at home and abroad.Secondly, it summarizes the basic process of mobile application development and the security capabilities that should be available in each stage, according to the corresponding technical means to achieve the security intensity, the mobile application security capabilities are divided into three levels, then the framework of evaluation of mobile application security protection is formed. Finally, the paper puts forward some countermeasures and suggestions to enhance the security of mobile application security, which is helpful to promote the establishment of mobile application security ecosystem.