Android apps security: mitigate hacking attacks and security breaches
Gain the information you need to design secure, useful, high-performing apps that expose end-users to as little risk as possible. This book shows you how to best design and develop Android apps with security in mind: explore concepts that you can use to secure apps and how you can use and incorporat...
Classification: | Electronic Book |
---|---|
Main author: | |
Format: | Electronic eBook |
Language: | English |
Published: | [United States] : Apress, 2020. |
Edition: | Second edition. |
Series: | ITpro collection |
Subjects: | |
Online access: | Full text (requires prior registration with an institutional e-mail address) |
Table of Contents:
- Intro
- Table of Contents
- About the Author
- About the Technical Reviewer
- Acknowledgments
- Introduction
- Chapter 1: Introduction
- The Startup Landscape
- Between Two Books
- What Is Malware?
- Launching Attacks via Phones
- Hello, I'm Your CTO
- Hello, I'm Your CISO
- Reporting to the CEO
- Reporting to the CFO
- Reporting to the CTO
- Reviewing What Gets Published
- Did I Just Waste My Time Reading All This?
- Chapter 2: Recap of Secure Development Principles
- Privacy
- Swatting
- Data Security
- Data Encryption
- Calling Up Sensitive Information
- Network Security
- Chapter 3: App Licensing and SafetyNet
- API Key
- Building the Back End
- Pseudocode for the Back End
- Validation
- The Payload
- Can This Be Bypassed?
- So, Why Don't Many People Use SafetyNet?
- Chapter 4: Securing Your Apps at Scale
- Static Source Code Security Analysis
- Third-Party Libraries or Dependencies
- Developer Training
- Obfuscation
- String Encryption
- Class Renaming
- Spaghetti Code/Control Flow Alteration
- NOP and Code Injection
- Which Obfuscator to Use
- Our Base Program
- Summary
- Vulnerability Assessment
- The Red Team
- The Blue Team
- A Word About Automation
- The Compliance Team
- Visualizing the Team
- Improvements
- Running on the Emulator
- Chapter 5: Hacking Your App
- Feature Examination
- Getting the APK File
- The Android Debug Bridge (adb)
- Developer Mode
- Static Analysis
- APKTool
- JEB
- Chapter 6: The Tool Bag
- The Builder Tools
- Android Studio
- My Android Studio Tweaks
- Creating a Virtual Device
- The Breaker Tools
- Burp Suite
- Web Application Security Test Kit
- My Burp Suite Tweaks
- Frida
- Dynamic Instrumentation Toolkit
- JEB
- Android Decompiler
- Some Thoughts on Environment Setup
- Chapter 7: Hacking Your App #2
- Dynamic Analysis
- Disassembling the APK
- Setting the "android:debuggable" Flag
- Reassembling and Signing the APK
- Signing with apksigner
- Signing with jarsigner
- Debugging with JEB
- Debugging for Free
- Frida's Interesting Tricks
- Chapter 8: Rooting Your Android Device
- What Is Root?
- Why Root?
- Rooting Safely
- The Rooting Process
- Getting the Factory Image
- Installing Magisk Manager
- Patching the boot.img File
- Unlock the Device Bootloader
- Flashing the Modified boot.img
- Completing the Rooting Process
- Looking a Little Bit Deeper
- Other Ways of Rooting
- Testing Frida
- Examining the Filesystem
- Detecting and Hiding Root
- Defeating Root Detection
- Further Tools to Help Debugging
- Summary
- Chapter 9: Bypassing SSL Pinning
- SSL Certificates
- Domain Validation
- Organizational Validation
- Extended Validation
- Self-Signed Certificates
- A Note About Verification
- Getting a DV Certificate
- Certbot
- The Back End
- Back-End Server Specification
- Android Client
- Testing SSL Traffic Interception with Burp Suite
- Adding SSL Pinning