Mobile application penetration testing : explore real-world threat scenarios, attacks on mobile applications, and ways to counter them / Vijay Kumar Velu.

Format:

Book

Author/Creator:

Velu, Vijay Kumar, author.

Series:

Community experience distilled.

Community experience distilled

Language:

English

Subjects (All):

Mobile communication systems--Security measures.

Mobile communication systems.

Mobile computing--Security measures.

Mobile computing.

Physical Description:

1 online resource (313 p.)

Edition:

1st edition

Place of Publication:

Birmingham : Packt Publishing, 2016.

System Details:

text file

Summary:

Explore real-world threat scenarios, attacks on mobile applications, and ways to counter them About This Book Gain insights into the current threat landscape of mobile applications in particular Explore the different options that are available on mobile platforms and prevent circumventions made by attackers This is a step-by-step guide to setting up your own mobile penetration testing environment Who This Book Is For If you are a mobile application evangelist, mobile application developer, information security practitioner, penetration tester on infrastructure web applications, an application security professional, or someone who wants to learn mobile application security as a career, then this book is for you. This book will provide you with all the skills you need to get started with Android and iOS pen-testing. What You Will Learn Gain an in-depth understanding of Android and iOS architecture and the latest changes Discover how to work with different tool suites to assess any application Develop different strategies and techniques to connect to a mobile device Create a foundation for mobile application security principles Grasp techniques to attack different components of an Android device and the different functionalities of an iOS device Get to know secure development strategies for both iOS and Android applications Gain an understanding of threat modeling mobile applications Get an in-depth understanding of both Android and iOS implementation vulnerabilities and how to provide counter-measures while developing a mobile app In Detail Mobile security has come a long way over the last few years. It has transitioned from "should it be done?" to "it must be done!"Alongside the growing number of devises and applications, there is also a growth in the volume of Personally identifiable information (PII), Financial Data, and much more. This data needs to be secured. This is why Pen-testing is so important to modern application developers. You need to know how to secure user data, and find vulnerabilities and loopholes in your application that might lead to security breaches. This book gives you the necessary skills to security test your mobile applications as a beginner, developer, or security practitioner. You'll start by discovering the internal components of an Android and an iOS application. Moving ahead, you'll understand the inter-process working of these applications. Then you'll set up a test environment for this application using various...

Contents:

Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: The Mobile Application Security Landscape; The smartphone market share; The android operating system; The iPhone operating system (iOS); Different types of mobile applications; Native apps; Mobile web apps; Hybrid apps; Public Android and iOS vulnerabilities; Android vulnerabilities; iOS vulnerabilities; The key challenges in mobile application security; The impact of mobile application security; The need for mobile application penetration testing; Current market reaction

The mobile application penetration testing methodologyDiscovery; Analysis/assessment; Exploitation; Reporting; The OWASP mobile security project; OWASP mobile top 10 risks; Vulnerable applications to practice; Summary; Chapter 2: Snooping Around the Architecture; The importance of architecture; The Android architecture; The Linux kernel; Confusion between Linux and the Linux kernel; Android runtime; The java virtual machine; The Dalvik virtual machine; Zygote; Core Java libraries; ART; Native libraries; The application framework; The applications layer; Native Android or system apps

User-installed or custom appsThe Android software development kit; Android application packages (APK); Android application components; Intent; Activity; Services; Broadcast receivers; Content providers; Android Debug Bridge; Application sandboxing; Application signing; Secure inter-process communication; The Binder process; The Android permission model; The Android application build process; Android rooting; iOS architecture; Cocoa Touch; Media; Core services; Core OS; iOS SDK and Xcode; iOS application programming languages; Objective-C; The Objective-C runtime; Swift

Understanding application statesApple's iOS security model; Device-level security; System-level security; An introduction to the secure boot chain; System software authorization; Secure Enclave; Data-level security; Data-protection classes; Keychain data protection; Changes in iOS 8 and 9; Network-level security; Application-level security; Application code signing; The iOS app sandbox; iOS isolation; Process isolation; Filesystem isolation; ASLR; Stack protection (non-executable stack and heap); Hardware-level security; iOS permissions; The iOS application structure; Jailbreaking

Why jailbreak a device?Types of jailbreaks; Untethered jailbreaks; Tethered jailbreaks; Semi-tethered jailbreaks; Jailbreaking tools at a glance; The Mach-O binary file format; Inspecting a Mach-O binary; Property lists; Exploring the iOS filesystem; Summary; Chapter 3: Building a Test Environment; Mobile app penetration testing environment setup; Android Studio and SDK; The Android SDK; The Android Debug Bridge; Connecting to the device; Getting access to the device; Installing an application to the device; Extracting files from the device; Storing files to the device; Stopping the service

Viewing the log information

Notes:

Includes index.

Description based on online resource; title from PDF title page (ebrary, viewed July 4, 2016).

ISBN:

9781785888694

1785888692

OCLC:

945741125