The increasing number of mobile device users in Indonesia has encouraged the government to use mobile applications to deliver SPBE services. A mobile SPBE application is an SPBE service delivered as an application that runs on a mobile device. Mobile SPBE applications benefit their users, but they also carry security risks that need to be anticipated. BSSN Regulation Number 4 of 2021 therefore mandates that every government agency implement SPBE security and identify the security requirements that have not been implemented in its mobile SPBE applications. A security vetting framework is needed to identify and validate those unimplemented security requirements, but no such framework currently exists. This research therefore proposes a framework design for vetting the security of mobile SPBE applications based on the Android operating system. The design adopts NIST SP 800-163r1 and integrates it with application security testing using automated tools and manual testing. Manual testing was carried out according to the OWASP MASTG standard, taking into account API security testing based on OWASP API Security. The results of application security testing are then used to validate the mobile SPBE application security requirements. In a simulation of the framework design on a sample mobile SPBE application, ABC, owned by a local government in Indonesia, violations of several mobile SPBE application security requirements were found. Based on the simulation results, the framework design can validate all mobile SPBE application security requirements and is expected to serve as a reference for government agencies carrying out security vetting of mobile SPBE applications.
Copyrights © 2023