Ebook details

Learning Pentesting for Android Devices. Android’s popularity makes it a prime target for attacks, which is why this tutorial is so essential. It takes you from security basics to forensics and penetration testing in easy, user-friendly steps

Aditya Gupta

Ebook
  • Learning Pentesting for Android Devices
    • Table of Contents
    • Learning Pentesting for Android Devices
    • Credits
    • Foreword
    • About the Author
    • Acknowledgments
    • About the Reviewers
    • www.PacktPub.com
      • Support files, eBooks, discount offers, and more
        • Why subscribe?
        • Free access for Packt account holders
    • Preface
      • What this book covers
      • What you need for this book
      • Who this book is for
      • Conventions
      • Reader feedback
      • Customer support
        • Downloading the example code
        • Downloading the color images of the book
        • Errata
        • Piracy
        • Questions
    • 1. Getting Started with Android Security
      • Introduction to Android
      • Digging deeper into Android
      • Sandboxing and the permission model
      • Application signing
      • Android startup process
      • Summary
    • 2. Preparing the Battlefield
      • Setting up the development environment
        • Creating an Android virtual device
      • Useful utilities for Android Pentest
        • Android Debug Bridge
        • Burp Suite
        • APKTool
      • Summary
    • 3. Reversing and Auditing Android Apps
      • Android application teardown
      • Reversing an Android application
      • Using Apktool to reverse an Android application
      • Auditing Android applications
      • Content provider leakage
      • Insecure file storage
        • Path traversal vulnerability or local file inclusion
        • Client-side injection attacks
      • OWASP top 10 vulnerabilities for mobiles
      • Summary
    • 4. Traffic Analysis for Android Devices
      • Android traffic interception
      • Ways to analyze Android traffic
        • Passive analysis
        • Active analysis
      • HTTPS Proxy interception
        • Other ways to intercept SSL traffic
      • Extracting sensitive files with packet capture
      • Summary
    • 5. Android Forensics
      • Types of forensics
      • Filesystems
        • Android filesystem partitions
      • Using dd to extract data
        • Using a custom recovery image
      • Using Andriller to extract an application's data
      • Using AFLogical to extract contacts, calls, and text messages
      • Dumping application databases manually
      • Logging the logcat
      • Using backup to extract an application's data
      • Summary
    • 6. Playing with SQLite
      • Understanding SQLite in depth
        • Analyzing a simple application using SQLite
      • Security vulnerability
      • Summary
    • 7. Lesser-known Android Attacks
      • Android WebView vulnerability
        • Using WebView in the application
        • Identifying the vulnerability
      • Infecting legitimate APKs
      • Vulnerabilities in ad libraries
      • Cross-Application Scripting in Android
      • Summary
    • 8. ARM Exploitation
      • Introduction to ARM architecture
        • Execution modes
      • Setting up the environment
      • Simple stack-based buffer overflow
      • Return-oriented programming
      • Android root exploits
      • Summary
    • 9. Writing the Pentest Report
      • Basics of a penetration testing report
      • Writing the pentest report
        • Executive summary
        • Vulnerabilities
        • Scope of the work
        • Tools used
        • Testing methodologies followed
        • Recommendations
        • Conclusion
        • Appendix
      • Summary
      • Security Audit of
        • Attify's Vulnerable App
      • Table of Contents
      • 1. Introduction
        • 1.1 Executive Summary
        • 1.2 Scope of the Work
        • 1.3 Summary of Vulnerabilities
      • 2. Auditing and Methodology
        • 2.1 Tools Used
        • 2.2 Vulnerabilities
          • Issue #1: Injection vulnerabilities in the Android application
          • Issue #2: Vulnerability in the WebView component
          • Issue #3: No/Weak encryption
          • Issue #4: Vulnerable content providers
      • 3. Conclusions
        • 3.1 Conclusions
        • 3.2 Recommendations
    • Index
  • Title: Learning Pentesting for Android Devices. Android’s popularity makes it a prime target for attacks, which is why this tutorial is so essential. It takes you from security basics to forensics and penetration testing in easy, user-friendly steps
  • Author: Aditya Gupta
  • Original title: Learning Pentesting for Android Devices. Android’s popularity makes it a prime target for attacks, which is why this tutorial is so essential. It takes you from security basics to forensics and penetration testing in easy, user-friendly steps.
  • ISBN: 9781783288991, 9781783288991
  • Publication date: 2014-03-26
  • Format: Ebook
  • Item ID: e_3d23
  • Publisher: Packt Publishing