A Web Crawling-Based Process and a Graph-Based Database for Mobile Vulnerability Analysis / Amalfitano, Domenico; Abbate, Andrea; Distante, Damiano; Rinaldi, Antonio M.; Russo, Cristiano; Tommasino, Cristian. - 15749 LNCS:(2025), pp. 145-159. (25th International Conference on Web Engineering, ICWE 2025 Netherlands 2025) [10.1007/978-3-031-97207-2_12].
A Web Crawling-Based Process and a Graph-Based Database for Mobile Vulnerability Analysis
Domenico Amalfitano; Antonio M. Rinaldi; Cristiano Russo; Cristian Tommasino
2025
Abstract
The increasing availability of security-related data on the Web requires efficient and scalable approaches for data integration and analysis. In the context of software security, a holistic methodology that combines multiple data sources is essential to understand evolving threats. This paper presents a novel web crawling-based process designed to systematically retrieve and integrate security-related information from multiple vulnerability data repositories. This process has been leveraged to build G-MAWD, a Graph-based Mobile Application Vulnerability and Weakness Database, which we show to be effective for analyzing web-related security risks in mobile applications, including vulnerabilities in WebView, WKWebView, and authentication mechanisms such as OAuth and JWT. By enabling large-scale security analysis through flexible querying and relationship exploration, this approach highlights the potential of distributed web crawling and graph-based modeling to advance security research and improve software quality.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.


