Penetration testing model for mobile cloud computing applications / Ahmad Salah Mahmoud Al-Ahmad

Mahmoud Al-Ahmad, Ahmad Salah (2017) Penetration testing model for mobile cloud computing applications / Ahmad Salah Mahmoud Al-Ahmad. In: The Doctoral Research Abstracts. IGS Biannual Publication, 11 (11). Institute of Graduate Studies, UiTM, Shah Alam.


Mobile cloud computing (MCC) technology possess features mitigating mobile limitations and enhancing cloud services. MCC application penetration testing issues are complex and unique which make the testing difficult for junior penetration testers. It is complex as MCC applications have three intersecting vulnerability domains, namely mobile, web, and cloud. The offloading process adds uniqueness and complexity to the MCC application penetration testing in terms of generating, selecting and executing test cases. To solve these issues, this thesis constructs a model for MCC application penetration testing that reduces the complexity, tackles the uniqueness and assists junior testers in conducting penetration tests on MCC applications more effectively and efficiently. The main objectives of this thesis are to discover the issues in conducting penetration testing on MCC applications and to construct and evaluate MCC application penetration testing model. Design science research methodology is applied with four phases: (i) Theoretical framework construction phase (ii) Model construction phase entails designing the components and processes of MCC application penetration to reduce the complexity and address offloading; (iii) Model implementation phase implements the components and processes of the model into model guidelines and integrated tool called PT2-MCC. This tool manages the repositories, generates and selects test cases, and implements the mobile agent component; (iv) Model evaluation phase applies case study approach and uses an evaluation framework to evaluate the model against selected testing quality and performance attributes. In model evaluation phase, a junior penetration tester conducted two case studies on two MCC applications built by extending two open source native mobile applications…


Item Type: Book Section
CreatorsEmail / ID. Num
Mahmoud Al-Ahmad, Ahmad SalahUNSPECIFIED
Subjects: L Education > LB Theory and practice of education > Higher Education > Dissertations, Academic. Preparation of theses > Malaysia
Divisions: Universiti Teknologi MARA, Shah Alam > Institut Pengajian Siswazah (IPSis) : Institute of Graduate Studies (IGS)
Series Name: IGS Biannual Publication
Volume: 11
Number: 11
Item ID: 19704
Uncontrolled Keywords: Abstract; Abstract of thesis; Newsletter; Research information; Doctoral graduates; IPSis; IGS; UiTM; mobile cloud



Download (756kB) | Preview

Actions (login required)

View Item View Item


Downloads per month over past year