Szczegóły ebooka

Learning Pentesting for Android Devices. Android's popularity makes it a prime target for attacks, which is why this tutorial is so essential. It takes you from security basics to forensics and penetration testing in easy, user-friendly steps

Learning Pentesting for Android Devices. Android's popularity makes it a prime target for attacks, which is why this tutorial is so essential. It takes you from security basics to forensics and penetration testing in easy, user-friendly steps

Aditya Gupta

EBOOK
Kup pozycję na ebookpoint.pl
This is an easy-to-follow guide, full of hands-on and real-world examples of applications. Each of the vulnerabilities discussed in the book is accompanied with the practical approach to the vulnerability, and the underlying security issue. This book is intended for all those who are looking to get started in Android security or Android application penetration testing. You don’t need to be an Android developer to learn from this book, but it is highly recommended that developers have some experience in order to learn how to create secure applications for Android.
  • Learning Pentesting for Android Devices
    • Table of Contents
    • Learning Pentesting for Android Devices
    • Credits
    • Foreword
    • About the Author
    • Acknowledgments
    • About the Reviewers
    • www.PacktPub.com
      • Support files, eBooks, discount offers, and more
        • Why subscribe?
        • Free access for Packt account holders
    • Preface
      • What this book covers
      • What you need for this book
      • Who this book is for
      • Conventions
      • Reader feedback
      • Customer support
        • Downloading the example code
        • Downloading the color images of the book
        • Errata
        • Piracy
        • Questions
    • 1. Getting Started with Android Security
      • Introduction to Android
      • Digging deeper into Android
      • Sandboxing and the permission model
      • Application signing
      • Android startup process
      • Summary
    • 2. Preparing the Battlefield
      • Setting up the development environment
        • Creating an Android virtual device
      • Useful utilities for Android Pentest
        • Android Debug Bridge
        • Burp Suite
        • APKTool
      • Summary
    • 3. Reversing and Auditing Android Apps
      • Android application teardown
      • Reversing an Android application
      • Using Apktool to reverse an Android application
      • Auditing Android applications
      • Content provider leakage
      • Insecure file storage
        • Path traversal vulnerability or local file inclusion
        • Client-side injection attacks
      • OWASP top 10 vulnerabilities for mobiles
      • Summary
    • 4. Traffic Analysis for Android Devices
      • Android traffic interception
      • Ways to analyze Android traffic
        • Passive analysis
        • Active analysis
      • HTTPS Proxy interception
        • Other ways to intercept SSL traffic
      • Extracting sensitive files with packet capture
      • Summary
    • 5. Android Forensics
      • Types of forensics
      • Filesystems
        • Android filesystem partitions
      • Using dd to extract data
        • Using a custom recovery image
      • Using Andriller to extract an applications data
      • Using AFLogical to extract contacts, calls, and text messages
      • Dumping application databases manually
      • Logging the logcat
      • Using backup to extract an application's data
      • Summary
    • 6. Playing with SQLite
      • Understanding SQLite in depth
        • Analyzing a simple application using SQLite
      • Security vulnerability
      • Summary
    • 7. Lesser-known Android Attacks
      • Android WebView vulnerability
        • Using WebView in the application
        • Identifying the vulnerability
      • Infecting legitimate APKs
      • Vulnerabilities in ad libraries
      • Cross-Application Scripting in Android
      • Summary
    • 8. ARM Exploitation
      • Introduction to ARM architecture
        • Execution modes
      • Setting up the environment
      • Simple stack-based buffer overflow
      • Return-oriented programming
      • Android root exploits
      • Summary
    • 9. Writing the Pentest Report
      • Basics of a penetration testing report
      • Writing the pentest report
        • Executive summary
        • Vulnerabilities
        • Scope of the work
        • Tools used
        • Testing methodologies followed
        • Recommendations
        • Conclusion
        • Appendix
      • Summary
      • Security Audit of
        • Attify's Vulnerable App
      • Table of Contents
      • 1. Introduction
        • 1.1 Executive Summary
        • 1.2 Scope of the Work
        • 1.3 Summary of Vulnerabilities
      • 2. Auditing and Methodology
        • 2.1 Tools Used
        • 2.2 Vulnerabilities
          • Issue #1: Injection vulnerabilities in the Android application
          • Issue #2: Vulnerability in the WebView component
          • Issue #3: No/Weak encryption
          • Issue #4: Vulnerable content providers
      • 3. Conclusions
        • 3.1 Conclusions
        • 3.2 Recommendations
    • Index
  • Tytuł:Learning Pentesting for Android Devices. Android's popularity makes it a prime target for attacks, which is why this tutorial is so essential. It takes you from security basics to forensics and penetration testing in easy, user-friendly steps
  • Autor:Aditya Gupta
  • Tytuł oryginału:Learning Pentesting for Android Devices. Android's popularity makes it a prime target for attacks, which is why this tutorial is so essential. It takes you from security basics to forensics and penetration testing in easy, user-friendly steps.
  • ISBN:9781783288991, 9781783288991
  • Data wydania:2014-03-26
  • Format:Ebook
  • Identyfikator pozycji: e_3d23
  • Wydawca: Packt Publishing