Mobile application penetration testing : explore real-world threat scenarios, attacks on mobile applications, and ways to counter them /
Explore real-world threat scenarios, attacks on mobile applications, and ways to counter them. About This Book: Gain insights into the current threat landscape of mobile applications in particular. Explore the different options that are available on mobile platforms and prevent circumventions made by at...
Classification: | Electronic Book |
---|---|
Main author: | |
Format: | Electronic eBook |
Language: | English |
Published: | Birmingham, UK : Packt Publishing, 2016. |
Series: | Community experience distilled. |
Subjects: | |
Online access: | Full text (Requires prior registration with institutional email) |
Table of Contents:
- Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: The Mobile Application Security Landscape; The smartphone market share; The android operating system; The iPhone operating system (iOS); Different types of mobile applications; Native apps; Mobile web apps; Hybrid apps; Public Android and iOS vulnerabilities; Android vulnerabilities; iOS vulnerabilities; The key challenges in mobile application security; The impact of mobile application security; The need for mobile application penetration testing; Current market reaction
- The mobile application penetration testing methodology; Discovery; Analysis/assessment; Exploitation; Reporting; The OWASP mobile security project; OWASP mobile top 10 risks; Vulnerable applications to practice; Summary; Chapter 2: Snooping Around the Architecture; The importance of architecture; The Android architecture; The Linux kernel; Confusion between Linux and the Linux kernel; Android runtime; The java virtual machine; The Dalvik virtual machine; Zygote; Core Java libraries; ART; Native libraries; The application framework; The applications layer; Native Android or system apps
- User-installed or custom apps; The Android software development kit; Android application packages (APK); Android application components; Intent; Activity; Services; Broadcast receivers; Content providers; Android Debug Bridge; Application sandboxing; Application signing; Secure inter-process communication; The Binder process; The Android permission model; The Android application build process; Android rooting; iOS architecture; Cocoa Touch; Media; Core services; Core OS; iOS SDK and Xcode; iOS application programming languages; Objective-C; The Objective-C runtime; Swift
- Understanding application states; Apple's iOS security model; Device-level security; System-level security; An introduction to the secure boot chain; System software authorization; Secure Enclave; Data-level security; Data-protection classes; Keychain data protection; Changes in iOS 8 and 9; Network-level security; Application-level security; Application code signing; The iOS app sandbox; iOS isolation; Process isolation; Filesystem isolation; ASLR; Stack protection (non-executable stack and heap); Hardware-level security; iOS permissions; The iOS application structure; Jailbreaking
- Why jailbreak a device?; Types of jailbreaks; Untethered jailbreaks; Tethered jailbreaks; Semi-tethered jailbreaks; Jailbreaking tools at a glance; The Mach-O binary file format; Inspecting a Mach-O binary; Property lists; Exploring the iOS filesystem; Summary; Chapter 3: Building a Test Environment; Mobile app penetration testing environment setup; Android Studio and SDK; The Android SDK; The Android Debug Bridge; Connecting to the device; Getting access to the device; Installing an application to the device; Extracting files from the device; Storing files to the device; Stopping the service