
The Mobile application hacker's handbook / Dominic Chell, Tyrone Erasmus, Shaun Colley, Ollie Whitehouse.

Material type: Text
Publisher: Indianapolis, IN : Wiley, 2015
Description: xxxviii, 770 pages : illustrations ; 24 cm
Content type:
  • text
Media type:
  • unmediated
Carrier type:
  • volume
ISBN:
  • 9781118958506
DDC classification:
  • 23 005.8 CH.M 2015
LOC classification:
  • MLCS 2018/46689 (Q)
Online resources:
Contents:
Machine generated contents note:The Evolution of Mobile Applications -- Common Mobile Application Functions -- Benefits of Mobile Applications -- Mobile Application Security -- Key Problem Factors -- Underdeveloped Security Awareness -- Ever-Changing Attack Surfaces -- Economic and Time Constraints -- Custom Development -- The OWASP Mobile Security Project -- OWASP Mobile Top Ten -- OWASP Mobile Security Tools -- The Future of Mobile Application Security -- Summary -- Understanding the Security Model -- Initializing iOS with Secure Boot Chain -- Introducing the Secure Enclave -- Restricting Application Processes with Code Signing -- Isolating Applications with Process-Level Sandboxing -- Protecting Information with Data-at-Rest Encryption -- Protecting Against Attacks with Exploit Mitigation Features -- Understanding iOS Applications -- Distribution of iOS Applications -- Apple App Store -- Enterprise Distribution -- Application Structure -- Installing Applications -- Understanding Application Permissions -- Jailbreaking Explained -- Reasons for Jailbreaking -- Types of Jailbreaks -- Building a Test Environment -- Accessing the Device -- Building a Basic Toolkit -- Cydia -- BigBoss Recommended Tools -- Apple's CC Tools -- Debuggers -- Tools for Signing Binaries -- Installipa -- Exploring the Filesystem -- Property Lists -- Binary Cookies -- SQLite Databases -- Understanding the Data Protection API -- Understanding the iOS Keychain -- Access Control and Authentication Policies in iOS 8 -- Accessing the iOS Keychain -- Understanding Touch ID -- Reverse Engineering iOS Binaries -- Analyzing iOS Binaries -- Identifying Security-Related Features -- Position-Independent Executable -- Stack-Smashing Protection -- Automatic Reference Counting -- Decrypting App Store Binaries -- Decrypting iOS Binaries Using a Debugger -- Automating the Decryption Process -- Inspecting Decrypted Binaries -- Inspecting Objective-C Applications -- Inspecting Swift Applications -- 
Disassembling and Decompiling iOS Applications -- Summary -- Introduction to Transport Security -- Identifying Transport Insecurities -- Certificate Validation -- SSL Session Security -- Intercepting Encrypted Communications -- Bypassing Certificate Pinning -- Identifying Insecure Storage -- Patching iOS Applications with Hopper -- Attacking the iOS Runtime -- Understanding Objective-C and Swift -- Instrumenting the iOS Runtime -- Introduction to Cydia Substrate -- Using the Cydia Substrate C API -- Tweak Development Using Theos and Logos -- Instrumentation Using Cycript -- Instrumentation Using Frida -- Instrumenting the Runtime Using the Dynamic Linker -- Inspecting iOS Applications using Snoop-it -- Understanding Interprocess Communication -- Attacking Protocol Handlers -- Application Extensions -- Attacking Using Injection -- Injecting into UIWebViews -- Injecting into Client-Side Data Stores -- Injecting into XML -- Injecting into File-Handling Routines -- Summary -- Disclosing Personally Identifiable Information -- Handling Device Identifiers -- Processing the Address Book -- Handling Geolocation Data -- Identifying Data Leaks -- Leaking Data in Application Logs -- Identifying Pasteboard Leakage -- Handling Application State Transitions -- Keyboard Caching -- HTTP Response Caching -- Memory Corruption in iOS Applications -- Format String Vulnerabilities -- Object Use-After-Free -- Other Native Code Implementation Issues -- Summary -- Protecting Data in Your Application -- General Design Principles -- Implementing Encryption -- Protecting Your Data in Transit -- Avoiding Injection Vulnerabilities -- Preventing SQL Injection -- Avoiding Cross-Site Scripting -- Securing Your Application with Binary Protections -- Detecting Jailbreaks -- Jailbreak Artifacts -- Nondefault Open Ports -- Weakening of the Sandbox -- Evidence of System Modifications -- Securing Your Application Runtime -- Tamperproofing Your Application -- Implementing Anti-Debugging Protections -- 
Obfuscating Your Application -- Summary -- Creating Your First Android Environment -- Understanding Android Applications -- Reviewing Android OS Basics -- Getting to Know Android Packages -- Observing the Structure of a Package -- Installing Packages -- Using Tools to Explore Android -- ADB -- BusyBox -- Standard Android Tools -- drozer -- Introduction to Application Components -- Defining Components -- Interacting with Components -- Looking Under the Hood -- Installing an Application -- Running an Application -- Understanding the Security Model -- Code Signing -- Discovered Vulnerabilities -- Understanding Permissions -- Inspecting the Android Permission Model -- Protection Levels -- Application Sandbox-- Filesystem Encryption -- Generic Exploit Mitigation Protections -- Rooting Explained -- Rooting Objectives -- Rooting Methods -- Reverse-Engineering Applications -- Retrieving APK Files -- Viewing Manifests -- aapt -- AXMLPrinter2 -- drozer -- Disassembling DEX Bytecode -- Dexdump -- Smali and Baksmali -- IDA -- Decompiling DEX Bytecode -- Dex2jar and JD-GUI -- JEB -- Decompiling Optimized DEX Bytecode -- Reversing Native Code -- Additional Tools -- Apktool -- Jadx -- JAD -- Dealing with ART -- Summary -- Exposing Security Model Quirks -- Interacting with Application Components -- Default Export Behavior -- Explicitly Exported -- Implicitly Exported -- Finding Exported Components -- Supreme User Contexts -- Permission Protection Levels -- Attacking Application Components -- A Closer Look at Intents -- Introducing Sieve: Your First Target Application -- Exploiting Activities -- Unprotected Activities -- Tapjacking -- Recent Application Screenshots -- Fragment Injection -- Trust Boundaries -- Exploiting Insecure Content Providers -- Unprotected Content Providers -- SQL Injection -- File-Backed Content Providers -- Pattern-Matching Flaws -- Attacking Insecure Services -- Unprotected Started Services -- Unprotected Bound Services -- Abusing Broadcast Receivers -- 
Unprotected Broadcast Receivers -- Intent Sniffing -- Secret Codes -- Accessing Storage and Logging -- File and Folder Permissions -- File Encryption Practices -- SD Card Storage -- Logging -- Misusing Insecure Communications -- Web Traffic Inspection -- Finding HTTP Content -- Finding HTTPS Content -- SSL Validation Flaws -- WebViews -- Other Communication Mechanisms -- Clipboard -- Local Sockets -- TCP/UDP Protocols with Other Hosts -- Exploiting Other Vectors -- Abusing Native Code -- Finding Native Code -- Attaching a Debugger -- Exploiting Misconfigured Package Attributes -- Application Backups -- Debuggable Flag -- Additional Testing Techniques -- Patching Applications -- Manipulating the Runtime -- Tool: Xposed Framework -- Tool: Cydia Substrate -- Use Case: SSL Certificate Pinning -- Use Case: Root Detection -- Use Case: Runtime Monitoring -- Summary -- Reviewing Pre-Installed Applications -- Finding Powerful Applications -- Finding Remote Attack Vectors -- Browsers and Document Readers -- BROWSABLE Activities -- Custom Update Mechanisms -- Remote Loading of Code -- WebViews -- Listening Services -- Messaging Applications -- Finding Local Vulnerabilities -- Exploiting Devices -- Using Attack Tools -- Ettercap -- Burp Suite -- drozer -- Explanation of Privilege Levels -- Non-System Application without Context -- Non-System Application with Context -- Installed Package -- ADB Shell Access -- System User Access -- Root User Access -- Practical Physical Attacks -- Getting ADB Shell Access -- Bypassing Lock Screens -- Installing a Rogue drozer Agent through ADB -- Practical Remote Attacks -- Remote Exploits -- Man-in-the-Middle Exploits -- Malware -- Infiltrating User Data -- Using Existing drozer Modules -- Record Microphone -- Read and Send SMS Messages -- Read Contacts -- User GPS Location -- Capturing the User's Screen -- Stealing Files from SD Card -- Other Techniques for Privileged Scenarios -- Extracting Wi-Fi Keys -- User Accounts -- Cracking Patterns, 
PINS, and Passwords -- Reading Extended Clipboards -- Simulating User Interaction -- Extracting Application Data with Physical Access -- Summary -- Principle of Least Exposure -- Application Components -- Data Storage -- Interacting with Untrusted Sources -- Requesting Minimal Permissions -- Bundling Files Inside the APK -- Essential Security Mechanisms -- Reviewing Entry Points into Application Components -- Securing Activities -- Securing Content Providers -- Securing Broadcast Receivers -- Storing Files Securely -- Creating Files and Folders Securely -- Using Encryption -- Using Random Numbers, Key Generation, and Key Storage -- Exposing Files Securely to Other Applications -- Creating Secure Communications -- Internet Communications -- Local Communications -- Securing WebViews -- JavaScript -- JavaScriptInterface -- Plug-Ins -- Access to Information -- Web Content Validation -- Configuring the Android Manifest -- Application Backups -- Setting the Debuggable Flag -- API Version Targeting -- Logging -- Reducing the Risk of Native Code -- Advanced Security Mechanisms -- Protection Level Downgrade Detection -- Protecting Non-Exported Components -- Slowing Down a Reverse Engineer -- Obfuscation -- Root Detection -- Debugger Detection -- Tamper Detection -- Summary -- Understanding the Security Model -- Note continued: Code Signing and Digital Rights Management (DRM) -- Application Sandboxing -- AppContainer -- Chambers and Capabilities -- Data Encryption 'At Rest' -- Internal Storage Volume -- Secure Digital Card Encryption -- Windows Phone Store Submission Process -- Exploring Exploit Mitigation Features -- Stack Canaries -- Address Space Layout Randomization -- Data Execution Prevention -- Safe Structured Exception Handling -- Userland Heap Safe Unlinking -- Mitigations in Kernel Space -- Understanding Windows Phone 8.x Applications -- Application Packages -- Programming Languages and Types of Applications -- Application Manifests -- Attack Surface Enumeration -- 
Application Directories -- Distribution of Windows Phone Applications -- Windows Phone Store -- Store Sideloading -- Company App Sideloading/Distribution -- Targeted Application Distribution -- Developer Sideloading -- Building a Test Environment -- SDK Tools -- Obtaining the Development Tools -- Visual Studio -- Emulator -- Developer Unlocking Your Device -- Capability Unlocking Your Device -- Samsung Ativ Full Capability Unlock and Filesystem Access on Windows Phone 8 -- Samsung Ativ Interop Unlock and Filesystem Access on Windows Phone 8.1 via Custom MBN -- Huawei Ascend W1 Full Capability Unlock and Filesystem Access on Windows Phone 8 -- Huawei Ascend W1-U00 Full Capability Unlock and Filesystem Access on Windows Phone 8.1 -- Using Filesystem Access -- Using Registry Access -- Useful Hacking Tools -- Analyzing Application Binaries -- Reverse Engineering -- Analyzing Exploit Mitigation Features -- Summary -- Analyzing for Data Entry Points -- WebBrowser and WebView Controls -- Bluetooth -- HTTP Sessions -- Network Sockets -- Near Field Communication -- Barcodes -- SD Cards -- Interprocess Communications Interfaces -- Protocol Handlers -- File Extension Handlers -- Toast Notifications -- Attacking Transport Security -- Identifying and Capturing Cleartext HTTP Communications -- Identifying and Capturing HTTPS Communications -- Capturing Non-HTTP/HTTPS Traffic -- SSL Certificate Validation Flaws -- Attacking WebBrowser and WebView Controls -- Cross-Site Scripting -- Local Scripting Attacks -- JavaScript-C# Communication -- Identifying Interprocess Communication Vulnerabilities -- Protocol Handlers -- File Handlers -- Toast Notifications -- Sending Arbitrary Toasts -- Sending Toast Notifications Remotely -- Attacking XML Parsing -- Introducing the XDocument API -- Entity Expansion Denial-of-Service Attacks -- External Entity Expansion Attacks -- Attacking Databases -- LINQ to SQL -- SQLite and SQLCipher -- Attacking File Handling -- Introduction to File Handling -- 
Directory Traversal Attacks -- Patching .NET Assemblies -- Summary -- Identifying Insecure Application Settings Storage -- Identifying Data Leaks -- HTTP(S) Cookie Storage -- HTTP(S) Caching -- Application Logging -- Identifying Insecure Data Storage -- Unencrypted File Storage -- Insecure Database Storage -- Local Databases -- SQLite-Based Databases -- Insecure Random Number Generation -- System.Random's Predictability -- Multiple Instances of System.Random -- System.Random Thread Safety -- Insecure Cryptography and Password Use -- Hard-Coded Cryptography Keys -- Insecure Storage of Cryptography Keys -- Storing Keys and Passwords in Immutable String Objects -- Failure to Clear Cryptography Keys and Passwords from Memory -- Insecure Key Generation -- Insecure Random Key Generation -- Insecure Password-Based Key Generation and Password Policy -- Use of Weak Cryptography Algorithms, Modes, and Key Lengths -- Data Encryption Standard (DES) -- AES in ECB Mode -- Other Weak Algorithms -- Minimum Public-Private Key Length -- Use of Static Initialization Vectors -- Data Protection API Misuse on Windows Phone -- Identifying Native Code Vulnerabilities -- Stack Buffer Overflows -- Heap Buffer Overflows -- Other Integer-Handling Bugs -- Integer Underflows -- Signedness Errors -- Format String Bugs -- Array Indexing Errors -- Denial-of-Service Bugs -- Unsafe C# Code -- Summary -- General Security Design Considerations -- Storing and Encrypting Data Securely -- Safe Encryption Ciphers and Modes -- Key Generation and Management -- Encrypting Files -- Encrypting Databases -- Windows Phone Local Databases -- SQLite-Based Databases -- Secure Random Number Generation -- Securing Data in Memory and Wiping Memory -- Avoiding SQLite Injection -- Implementing Secure Communications -- Using SSL/TLS -- SSL/TLS Certificate Validation -- Avoiding Cross-Site Scripting in WebViews and WebBrowser Components -- Using SSL/TLS for Network Communications -- Disabling JavaScript -- Safe 
Construction of Dynamic HTML and JavaScript -- Avoiding Local Scripting Attacks -- Secure XML Parsing -- Clearing Web Cache and Web Cookies -- Clearing Cookies -- Clearing Web Cache -- Avoiding Native Code Bugs -- Using Exploit Mitigation Features -- Summary -- Understanding BlackBerry Legacy -- Architecture, Security, and the Simulator -- Apps and COD Files -- Reverse Engineering COD Files -- Java COD Files -- Zip COD Files -- Java Development Environment and JVM Interface -- App Code Signing -- BlackBerry Mobile Data System -- Device Event Log -- Understanding BlackBerry 10 -- The BlackBerry 10 Platform -- Authman and Launcher -- Apps Packages and BAR Files -- Native Applications -- Cascades Applications -- HTML5 and JavaScript Applications -- Android Applications -- Distributing Applications -- PPS Objects -- Understanding the BlackBerry 10 Security Model -- Process Sandboxing -- Application Capabilities -- Code Signing -- <client-PBDT-xxxxx.csj file>BlackBerry Balance -- BlackBerry 10 Jailbreaking -- Using Developer Mode -- The BlackBerry 10 Device Simulator -- Accessing App Data from a Device -- Accessing BAR Files -- Looking at Applications -- Network Traffic Analysis and Interception -- BAR Archives -- ELF Binaries -- HTML5 and JavaScript -- Summary -- Traversing Trust Boundaries -- Files -- Network Sockets -- UNIX Domain Sockets -- Shared Memory Objects -- PPS Objects -- Channels, Messages, and Events -- Higher-Level Concepts -- Network Traffic -- Invocation Framework -- Clipboard -- Summary -- Limiting Excessive Permissions -- Resolving Data Storage Issues -- Auditing Shared Files -- Checking BAR Files -- Reviewing the Application Sandbox -- Checking Data Transmission -- Encryption -- Integrity -- Handling Personally Identifiable Information and Privacy -- Ensuring Secure Development -- Missing Compiler and Linker Defenses -- Vulnerable Third-Party Libraries -- Native Code Vulnerability Classes -- Injection Vulnerability Classes -- Logic Issues -- Summary 
-- Securing BlackBerry OS 7.x and Earlier Legacy Java Applications -- General Java Secure Development Principals -- Making Apps Work with the Application Control Policies -- Memory Cleaning -- Controlling File Access and Encryption -- SQLite Database Encryption -- Persistent Store Access Control and Encryption -- Runtime Store Access Control -- Randomness Sources -- SSL, TLS Certificate, and Public Key Pinning in OS 7x and Earlier Legacy Java Applications -- Defending Against Module Squatting -- Obfuscation -- BlackBerry WebWorks Security on BlackBerry OS 7 or Lower -- Securing BlackBerry 10 Native Applications -- General C/C++ Secure Development Principals -- Compiler and Linker Defenses -- Memory Cleaning -- File Access Control -- File Encryption -- Randomness Sources -- SSL, TLS Certificate, and Public Key Pinning in Blackberry 10 Native Applications -- Security Builder Encryption API -- Heap Robustness Against Corruption -- QNX Native IPC Mechanism Security Considerations -- Headless App Interprocess Communication -- Securing BlackBerry 10 Cascades Applications -- Securing BlackBerry 10 HTML5 and JavaScript -- (WebWorks) Applications -- App Invocation Parameters -- Access App Configuration Option -- Websecurity App Configuration Option -- Content Injection Mitigations -- Securing Android Applications on BlackBerry 10 -- Summary -- Introduction to Cross-Platform Mobile Applications -- Bridging Native Functionality -- Exposing Native Functionality on Android -- Exposing Native Functionality on iOS -- Exposing Native Functionality on Windows Phone -- Exposing Native Functionality on BlackBerry -- Exploring PhoneGap and Apache Cordova -- Standard Features of PhoneGap -- PhoneGap and Cordova Security -- Cross-Application and Cross-Site Scripting Attacks -- Understanding Domain Whitelisting -- Iframes and Callbacks -- Encrypted Storage -- Summary.
Summary: See your app through a hacker's eyes to find the real sources of vulnerability.

The Mobile Application Hacker's Handbook is a comprehensive guide to securing all mobile applications by approaching the issue from a hacker's point of view. Heavily practical, this book provides expert guidance toward discovering and exploiting flaws in mobile applications on the iOS, Android, Blackberry, and Windows Phone platforms. You will learn a proven methodology for approaching mobile application assessments, and the techniques used to prevent, disrupt, and remediate the various types of attacks. Coverage includes data storage, cryptography, transport layers, data leakage, injection attacks, runtime manipulation, security controls, and cross-platform apps, with vulnerabilities highlighted and detailed information on the methods hackers use to get around standard security.

Mobile applications are widely used in the consumer and enterprise markets to process and/or store sensitive data. There is currently little published on the topic of mobile security, but with over a million apps in the Apple App Store alone, the attack surface is significant. This book helps you secure mobile apps by demonstrating the ways in which hackers exploit weak points and flaws to gain access to data.
  • Understand the ways data can be stored, and how cryptography is defeated
  • Set up an environment for identifying insecurities and the data leakages that arise
  • Develop extensions to bypass security controls and perform injection attacks
  • Learn the different attacks that apply specifically to cross-platform apps

IT security breaches have made big headlines, with millions of consumers vulnerable as major corporations come under attack. Learning the tricks of the hacker's trade allows security professionals to lock the app up tight. For better mobile security and less vulnerable data, The Mobile Application Hacker's Handbook is a practical, comprehensive guide.
Holdings
Item type Current library Collection Call number Status Date due Barcode
Books The Knowledge Hub Library Computing 005.8 / CH.M 2015 Available 190334

Includes index.

Machine generated contents note:The Evolution of Mobile Applications -- Common Mobile Application Functions -- Benefits of Mobile Applications -- Mobile Application Security -- Key Problem Factors -- Underdeveloped Security Awareness -- Ever-Changing Attack Surfaces -- Economic and Time Constraints -- Custom Development -- The OWASP Mobile Security Project -- OWASP Mobile Top Ten -- OWASP Mobile Security Tools -- The Future of Mobile Application Security -- Summary -- Understanding the Security Model -- Initializing iOS with Secure Boot Chain -- Introducing the Secure Enclave -- Restricting Application Processes with Code Signing -- Isolating Applications with Process-Level Sandboxing -- Protecting Information with Data-at-Rest Encryption -- Protecting Against Attacks with Exploit Mitigation Features -- Understanding iOS Applications -- Distribution of iOS Applications -- Apple App Store -- Enterprise Distribution -- Application Structure -- Installing Applications -- Understanding Application Permissions -- Jailbreaking Explained -- Reasons for Jailbreaking -- Types of Jailbreaks -- Building a Test Environment -- Accessing the Device -- Building a Basic Toolkit -- Cydia -- BigBoss Recommended Tools -- Apple's CC Tools -- Debuggers -- Tools for Signing Binaries -- Installipa -- Exploring the Filesystem -- Property Lists -- Binary Cookies -- SQLite Databases -- Understanding the Data Protection API -- Understanding the iOS Keychain -- Access Control and Authentication Policies in iOS 8 -- Accessing the iOS Keychain -- Understanding Touch ID -- Reverse Engineering iOS Binaries -- Analyzing iOS Binaries -- Identifying Security-Related Features -- Position-Independent Executable -- Stack-Smashing Protection -- Automatic Reference Counting -- Decrypting App Store Binaries -- Decrypting iOS Binaries Using a Debugger -- Automating the Decryption Process -- Inspecting Decrypted Binaries -- Inspecting Objective-C Applications -- Inspecting Swift Applications -- 
Disassembling and Decompiling iOS Applications -- Summary -- Introduction to Transport Security -- Identifying Transport Insecurities -- Certificate Validation -- SSL Session Security -- Intercepting Encrypted Communications -- Bypassing Certificate Pinning -- Identifying Insecure Storage -- Patching iOS Applications with Hopper -- Attacking the iOS Runtime -- Understanding Objective-C and Swift -- Instrumenting the iOS Runtime -- Introduction to Cydia Substrate -- Using the Cydia Substrate C API -- Tweak Development Using Theos and Logos -- Instrumentation Using Cycript -- Instrumentation Using Frida -- Instrumenting the Runtime Using the Dynamic Linker -- Inspecting iOS Applications using Snoop-it -- Understanding Interprocess Communication -- Attacking Protocol Handlers -- Application Extensions -- Attacking Using Injection -- Injecting into UIWebViews -- Injecting into Client-Side Data Stores -- Injecting into XML -- Injecting into File-Handling Routines -- Summary -- Disclosing Personally Identifiable Information -- Handling Device Identifiers -- Processing the Address Book -- Handling Geolocation Data -- Identifying Data Leaks -- Leaking Data in Application Logs -- Identifying Pasteboard Leakage -- Handling Application State Transitions -- Keyboard Caching -- HTTP Response Caching -- Memory Corruption in iOS Applications -- Format String Vulnerabilities -- Object Use-After-Free -- Other Native Code Implementation Issues -- Summary -- Protecting Data in Your Application -- General Design Principles -- Implementing Encryption -- Protecting Your Data in Transit -- Avoiding Injection Vulnerabilities -- Preventing SQL Injection -- Avoiding Cross-Site Scripting -- Securing Your Application with Binary Protections -- Detecting Jailbreaks -- Jailbreak Artifacts -- Nondefault Open Ports -- Weakening of the Sandbox -- Evidence of System Modifications -- Securing Your Application Runtime -- Tamperproofing Your Application -- Implementing Anti-Debugging Protections -- 
Obfuscating Your Application -- Summary -- Creating Your First Android Environment -- Understanding Android Applications -- Reviewing Android OS Basics -- Getting to Know Android Packages -- Observing the Structure of a Package -- Installing Packages -- Using Tools to Explore Android -- ADB -- BusyBox -- Standard Android Tools -- drozer -- Introduction to Application Components -- Defining Components -- Interacting with Components -- Looking Under the Hood -- Installing an Application -- Running an Application -- Understanding the Security Model -- Code Signing -- Discovered Vulnerabilities -- Understanding Permissions -- Inspecting the Android Permission Model -- Protection Levels -- Application Sandbox-- Filesystem Encryption -- Generic Exploit Mitigation Protections -- Rooting Explained -- Rooting Objectives -- Rooting Methods -- Reverse-Engineering Applications -- Retrieving APK Files -- Viewing Manifests -- aapt -- AXMLPrinter2 -- drozer -- Disassembling DEX Bytecode -- Dexdump -- Smali and Baksmali -- IDA -- Decompiling DEX Bytecode -- Dex2jar and JD-GUI -- JEB -- Decompiling Optimized DEX Bytecode -- Reversing Native Code -- Additional Tools -- Apktool -- Jadx -- JAD -- Dealing with ART -- Summary -- Exposing Security Model Quirks -- Interacting with Application Components -- Default Export Behavior -- Explicitly Exported -- Implicitly Exported -- Finding Exported Components -- Supreme User Contexts -- Permission Protection Levels -- Attacking Application Components -- A Closer Look at Intents -- Introducing Sieve: Your First Target Application -- Exploiting Activities -- Unprotected Activities -- Tapjacking -- Recent Application Screenshots -- Fragment Injection -- Trust Boundaries -- Exploiting Insecure Content Providers -- Unprotected Content Providers -- SQL Injection -- File-Backed Content Providers -- Pattern-Matching Flaws -- Attacking Insecure Services -- Unprotected Started Services -- Unprotected Bound Services -- Abusing Broadcast Receivers -- 
Unprotected Broadcast Receivers -- Intent Sniffing -- Secret Codes -- Accessing Storage and Logging -- File and Folder Permissions -- File Encryption Practices -- SD Card Storage -- Logging -- Misusing Insecure Communications -- Web Traffic Inspection -- Finding HTTP Content -- Finding HTTPS Content -- SSL Validation Flaws -- WebViews -- Other Communication Mechanisms -- Clipboard -- Local Sockets -- TCP/UDP Protocols with Other Hosts -- Exploiting Other Vectors -- Abusing Native Code -- Finding Native Code -- Attaching a Debugger -- Exploiting Misconfigured Package Attributes -- Application Backups -- Debuggable Flag -- Additional Testing Techniques -- Patching Applications -- Manipulating the Runtime -- Tool: Xposed Framework -- Tool: Cydia Substrate -- Use Case: SSL Certificate Pinning -- Use Case: Root Detection -- Use Case: Runtime Monitoring -- Summary -- Reviewing Pre-Installed Applications -- Finding Powerful Applications -- Finding Remote Attack Vectors -- Browsers and Document Readers -- BROWSABLE Activities -- Custom Update Mechanisms -- Remote Loading of Code -- WebViews -- Listening Services -- Messaging Applications -- Finding Local Vulnerabilities -- Exploiting Devices -- Using Attack Tools -- Ettercap -- Burp Suite -- drozer -- Explanation of Privilege Levels -- Non-System Application without Context -- Non-System Application with Context -- Installed Package -- ADB Shell Access -- System User Access -- Root User Access -- Practical Physical Attacks -- Getting ADB Shell Access -- Bypassing Lock Screens -- Installing a Rogue drozer Agent through ADB -- Practical Remote Attacks -- Remote Exploits -- Man-in-the-Middle Exploits -- Malware -- Infiltrating User Data -- Using Existing drozer Modules -- Record Microphone -- Read and Send SMS Messages -- Read Contacts -- User GPS Location -- Capturing the User's Screen -- Stealing Files from SD Card -- Other Techniques for Privileged Scenarios -- Extracting Wi-Fi Keys -- User Accounts -- Cracking Patterns, 
PINS, and Passwords -- Reading Extended Clipboards -- Simulating User Interaction -- Extracting Application Data with Physical Access -- Summary -- Principle of Least Exposure -- Application Components -- Data Storage -- Interacting with Untrusted Sources -- Requesting Minimal Permissions -- Bundling Files Inside the APK -- Essential Security Mechanisms -- Reviewing Entry Points into Application Components -- Securing Activities -- Securing Content Providers -- Securing Broadcast Receivers -- Storing Files Securely -- Creating Files and Folders Securely -- Using Encryption -- Using Random Numbers, Key Generation, and Key Storage -- Exposing Files Securely to Other Applications -- Creating Secure Communications -- Internet Communications -- Local Communications -- Securing WebViews -- JavaScript -- JavaScriptInterface -- Plug-Ins -- Access to Information -- Web Content Validation -- Configuring the Android Manifest -- Application Backups -- Setting the Debuggable Flag -- API Version Targeting -- Logging -- Reducing the Risk of Native Code -- Advanced Security Mechanisms -- Protection Level Downgrade Detection -- Protecting Non-Exported Components -- Slowing Down a Reverse Engineer -- Obfuscation -- Root Detection -- Debugger Detection -- Tamper Detection -- Summary -- Understanding the Security Model-- Note continued: Code Signing and Digital Rights Management (DRM) -- ApplicatiSandboxing -- AppContainer -- Chambers and Capabilities -- Data Encryption 'At Rest' -- Internal Storage Volume -- Secure Digital Card Encryption -- Windows Phone Store Submission Process -- Exploring Exploit Mitigation Features -- Stack Canaries -- Address Space Layout Randomization -- Data Execution Prevention -- Safe Structured Exception Handling -- Userland Heap Safe Unlinking -- Mitigations in Kernel Space -- Understanding Windows Phone 8.x Applications -- Application Packages -- Programming Languages and Types of Applications -- Application Manifests -- Attack Surface Enumeration -- 
Application Directories -- Distribution of Windows Phone Applications -- Windows Phone Store -- Store Sideloading -- Company App Sideloading/Distribution -- Targeted Application Distribution -- Developer Sideloading -- Building a Test Environment -- SDK Tools -- Obtaining the Development Tools -- Visual Studio -- Emulator -- Developer Unlocking Your Device -- Capability Unlocking Your Device -- Samsung Ativ Full Capability Unlock and Filesystem Access on Windows Phone 8 -- Samsung Ativ Interop Unlock and Filesystem Access on Windows Phone 8.1 via Custom MBN -- Huawei Ascend W1 Full Capability Unlock and Filesystem Access on Windows Phone 8 -- Huawei Ascend Wl-U00 Full Capability Unlock and Filesystem Access on Windows Phone 8.1 -- Using Filesystem Access -- Using Registry Access -- Useful Hacking Tools -- Analyzing Application Binaries -- Reverse Engineering -- Analyzing Exploit Mitigation Features -- Summary -- Analyzing for Data Entry Points -- WebBrowser and WebView Controls -- Bluetooth -- HTTP Sessions -- Network Sockets -- Near Field Communication -- Barcodes -- SD Cards -- Interprocess Communications Interfaces -- Protocol Handlers -- File Extension Handlers -- Toast Notifications -- Attacking Transport Security -- Identifying and Capturing Cleartext HTTP Communications -- Identifying and Capturing HTTPS Communications -- Capturing Non-HTTP/HTTPS Traffic -- SSL Certificate Validation Flaws -- Attacking WebBrowser and WebView Controls -- Cross-Site Scripting -- Local Scripting Attacks -- JavaScript-C# Communication -- Identifying Interprocess Communication Vulnerabilities -- Protocol Handlers -- File Handlers -- Toast Notifications -- Sending Arbitrary Toasts -- Sending Toast Notifications Remotely -- Attacking XML Parsing -- Introducing the XDocument API -- Entity Expansion Denial-of-Service Attacks -- External Entity Expansion Attacks -- Attacking Databases -- LINQ to SQL -- SQLite and SQLCipher -- Attacking File Handling -- Introduction to File Handling -- 
Directory Traversal Attacks -- Patching .NET Assemblies -- Summary -- Identifying Insecure Application Settings Storage -- Identifying Data Leaks -- HTTP(S) Cookie Storage -- HTTP(S) Caching -- Application Logging -- Identifying Insecure Data Storage -- Unencrypted File Storage -- Insecure Database Storage -- Local Databases -- SQLite-Based Databases -- Insecure Random Number Generation -- System.Random's Predictability -- Multiple Instances of System.Random -- System.Random Thread Safety -- Insecure Cryptography and Password Use -- Hard-Coded Cryptography Keys -- Insecure Storage of Cryptography Keys -- Storing Keys and Passwords in Immutable String Objects -- Failure to Clear Cryptography Keys and Passwords from Memory -- Insecure Key Generation -- Insecure Random Key Generation -- Insecure Password-Based Key Generation and Password Policy -- Use of Weak Cryptography Algorithms, Modes, and Key Lengths -- Data Encryption Standard (DES) -- AES in ECB Mode -- Other Weak Algorithms -- Minimum Public-Private Key Length -- Use of Static Initialization Vectors -- Data Protection API Misuse on Windows Phone -- Identifying Native Code Vulnerabilities -- Stack Buffer Overflows -- Heap Buffer Overflows -- Other Integer-Handling Bugs -- Integer Underflows -- Signedness Errors -- Format String Bugs -- Array Indexing Errors -- Denial-of-Service Bugs -- Unsafe C# Code -- Summary -- General Security Design Considerations -- Storing and Encrypting Data Securely -- Safe Encryption Ciphers and Modes -- Key Generation and Management -- Encrypting Files -- Encrypting Databases -- Windows Phone Local Databases -- SQLite-Based Databases -- Secure Random Number Generation -- Securing Data in Memory and Wiping Memory -- Avoiding SQLite Injection -- Implementing Secure Communications -- Using SSL/TLS -- SSL/TLS Certificate Validation -- Avoiding Cross-Site Scripting in WebViews and WebBrowser Components -- Using SSL/TLS for Network Communications -- Disabling JavaScript -- Safe 
Construction of Dynamic HTML and JavaScript -- Avoiding Local Scripting Attacks -- Secure XML Parsing -- Clearing Web Cache and Web Cookies -- Clearing Cookies -- Clearing Web Cache -- Avoiding Native Code Bugs -- Using Exploit Mitigation Features -- Summary -- Understanding BlackBerry Legacy -- Architecture, Security, and the Simulator -- Apps and COD Files -- Reverse Engineering COD Files -- Java COD Files -- Zip COD Files -- Java Development Environment and JVM Interface -- App Code Signing -- BlackBerry Mobile Data System -- Device Event Log -- Understanding BlackBerry 10 -- The BlackBerry 10 Platform -- Authman and Launcher -- Apps Packages and BAR Files -- Native Applications -- Cascades Applications -- HTML5 and JavaScript Applications -- Android Applications -- Distributing Applications -- PPS Objects -- Understanding the BlackBerry 10 Security Model -- Process Sandboxing -- Application Capabilities -- Code Signing -- <client-PBDT-xxxxx.csj file>BlackBerry Balance -- BlackBerry 10 Jailbreaking -- Using Developer Mode -- The BlackBerry 10 Device Simulator -- Accessing App Data from a Device -- Accessing BAR Files -- Looking at Applications -- Network Traffic Analysis and Interception -- BAR Archives -- ELF Binaries -- HTML5 and JavaScript -- Summary -- Traversing Trust Boundaries -- Files -- Network Sockets -- UNIX Domain Sockets -- Shared Memory Objects -- PPS Objects -- Channels, Messages, and Events -- Higher-Level Concepts -- Network Traffic -- Invocation Framework -- Clipboard -- Summary -- Limiting Excessive Permissions -- Resolving Data Storage Issues -- Auditing Shared Files -- Checking BAR Files -- Reviewing the Application Sandbox -- Checking Data Transmission -- Encryption -- Integrity -- Handling Personally Identifiable Information and Privacy -- Ensuring Secure Development -- Missing Compiler and Linker Defenses -- Vulnerable Third-Party Libraries -- Native Code Vulnerability Classes -- Injection Vulnerability Classes -- Logic Issues -- Summary 
-- Securing BlackBerry OS 7.x and Earlier Legacy Java Applications -- General Java Secure Development Principals -- Making Apps Work with the Application Control Policies -- Memory Cleaning -- Controlling File Access and Encryption -- SQLite Database Encryption -- Persistent Store Access Control and Encryption -- Runtime Store Access Control -- Randomness Sources -- SSL, TLS Certificate, and Public Key Pinning in OS 7x and Earlier Legacy Java Applications -- Defending Against Module Squatting -- Obfuscation -- BlackBerry WebWorks Security on BlackBerry OS 7 or Lower -- Securing BlackBerry 10 Native Applications -- General C/C++ Secure Development Principals -- Compiler and Linker Defenses -- Memory Cleaning -- File Access Control -- File Encryption -- Randomness Sources -- SSL, TLS Certificate, and Public Key Pinning in Blackberry 10 Native Applications -- Security Builder Encryption API -- Heap Robustness Against Corruption -- QNX Native IPC Mechanism Security Considerations -- Headless App Interprocess Communication -- Securing BlackBerry 10 Cascades Applications -- Securing BlackBerry 10 HTML5 and JavaScript -- (WebWorks) Applications -- App Invocation Parameters -- Access App Configuration Option -- Websecurity App Configuration Option -- Content Injection Mitigations -- Securing Android Applications on BlackBerry 10 -- Summary -- Introduction to Cross-Platform Mobile Applications -- Bridging Native Functionality -- Exposing Native Functionality on Android -- Exposing Native Functionality on iOS -- Exposing Native Functionality on Windows Phone -- Exposing Native Functionality on BlackBerry -- Exploring PhoneGap and Apache Cordova -- Standard Features of PhoneGap -- PhoneGap and Cordova Security -- Cross-Application and Cross-Site Scripting Attacks -- Understanding Domain Whitelisting -- Iframes and Callbacks -- Encrypted Storage -- Summary.

See your app through a hacker's eyes to find the real sources of vulnerability.

The Mobile Application Hacker's Handbook is a comprehensive guide to securing all mobile applications by approaching the issue from a hacker's point of view. Heavily practical, this book provides expert guidance toward discovering and exploiting flaws in mobile applications on the iOS, Android, Blackberry, and Windows Phone platforms. You will learn a proven methodology for approaching mobile application assessments, and the techniques used to prevent, disrupt, and remediate the various types of attacks. Coverage includes data storage, cryptography, transport layers, data leakage, injection attacks, runtime manipulation, security controls, and cross-platform apps, with vulnerabilities highlighted and detailed information on the methods hackers use to get around standard security.

Mobile applications are widely used in the consumer and enterprise markets to process and/or store sensitive data. There is currently little published on the topic of mobile security, but with over a million apps in the Apple App Store alone, the attack surface is significant. This book helps you secure mobile apps by demonstrating the ways in which hackers exploit weak points and flaws to gain access to data.

  • Understand the ways data can be stored, and how cryptography is defeated
  • Set up an environment for identifying insecurities and the data leakages that arise
  • Develop extensions to bypass security controls and perform injection attacks
  • Learn the different attacks that apply specifically to cross-platform apps

IT security breaches have made big headlines, with millions of consumers vulnerable as major corporations come under attack. Learning the tricks of the hacker's trade allows security professionals to lock the app up tight. For better mobile security and less vulnerable data, The Mobile Application Hacker's Handbook is a practical, comprehensive guide.
