Application security is crucial for protecting user data from cyber threats, particularly in Android applications that rely on One-Time Password (OTP)-based authentication. This study evaluates the security of Firebase OTP delivered via email by combining Static Application Security Testing (SAST) with Mobile Security Framework (MobSF) and Interactive Application Security Testing (IAST) with AppSweep. The results show that combining SAST and IAST outperforms either method alone because of its wider detection coverage: SAST detects vulnerabilities in the static code, while IAST identifies exploitable behaviour at runtime. The testing showed significant improvements, with high-severity vulnerabilities decreasing from 3 cases in OTP-1 to zero in OTP-5, and the MobSF security score increasing from 43 (B) to 78 (A). Meanwhile, the number of vulnerabilities reported by AppSweep decreased from 14 to 9, with all high-severity vulnerabilities resolved. However, this study still has limitations, such as limited dataset coverage and potential bias introduced by the testing tools. For further improvement, future research can integrate artificial intelligence to automate vulnerability detection, as well as explore biometric-based authentication to strengthen system security even further.
Copyright © 2025