Procedia Computer Science

Peeking and Testing Broken Object Level Authorization Vulnerability onto E-Commerce and E-Banking Mobile Applications


Abstract

Internet traffic is already a daily and unavoidable part of life for many people; moreover, people need it anywhere and anytime, so more companies tend to satisfy that demand by bringing some of their applications to mobile devices. This research aims to find out whether mobile application security has been a priority for the company or not. Several mobile applications were tested ethically and legally in two impactful industries in Indonesia, e-commerce and banking. Several findings were made in the mobile applications tested using Broken Object Level Authorization, which is the first point of the OWASP top ten vulnerabilities. None of the attacks conducted are complicated to reproduce: a malicious user only needs to know the basics of request interception on a mobile phone or web application, and the attack can be carried out using any free proxy software. High dependency on Jailbreak Detection, Root Detection and SSL Pinning alone as the main security protocol is not a wise decision.
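The abstract's point is that client-side controls (jailbreak or root detection, SSL pinning) do nothing once a request has been intercepted and its object id edited; the object-level check has to live on the server. The following is an added illustration, not code from the paper or from any of the applications it tested: a minimal "get order" handler in its BOLA form beside the fixed form, with constructed sample data and hypothetical function names.

```python
# Added example: Broken Object Level Authorization (BOLA) on an e-commerce
# "get order" endpoint, and its server-side fix. All data and names are
# constructed for illustration; nothing here comes from the paper.

from dataclasses import dataclass


@dataclass(frozen=True)
class Order:
    order_id: int
    owner_id: int
    total: float


# Constructed sample data standing in for the backend database.
ORDERS = {
    1001: Order(1001, owner_id=7, total=49.90),
    1002: Order(1002, owner_id=8, total=120.00),
}


class NotFound(Exception):
    """Maps to HTTP 404; used for both missing and foreign ids."""


def get_order_vulnerable(session_user_id: int, order_id: int) -> Order:
    """BOLA pattern: the handler trusts the client-supplied order_id and
    never compares it with the authenticated user. A client that edits the
    id in an intercepted request (any proxy suffices) reads another
    customer's order; root detection or SSL pinning on the device does not
    change what this server code does."""
    try:
        return ORDERS[order_id]
    except KeyError:
        raise NotFound()


def get_order_fixed(session_user_id: int, order_id: int) -> Order:
    """Object-level authorization: the owner comes from the server-side
    session, and the lookup is scoped to that owner. A foreign id yields
    the same 404 as a missing id, so it also leaks nothing about which
    ids exist."""
    order = ORDERS.get(order_id)
    if order is None or order.owner_id != session_user_id:
        raise NotFound()
    return order


def can_access(handler, session_user_id: int, order_id: int) -> bool:
    """Test helper: True if the handler returns the order, False on 404."""
    try:
        handler(session_user_id, order_id)
        return True
    except NotFound:
        return False
```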
