Mobile application penetration testing: explore real-world threat scenarios, attacks on mobile applications, and ways to counter them

Velu, Vijay Kumar, author

Explore real-world threat scenarios, attacks on mobile applications, and ways to counter them.

About This Book

  - Gain insights into the current threat landscape of mobile applications in particular.
  - Explore the different options that are available on mobile platforms and prevent circumventions made by attackers.
  - This is a step-by-step guide to setting up your own mobile penetration testing environment.

Who This Book Is For

If you are a mobile application evangelist, mobile application developer, information security practitioner, penetration tester on infrastructure or web applications, an application security professional, or someone who wants to learn mobile application security as a career, then this book is for you. This book will provide you with all the skills you need to get started with Android and iOS pen-testing.

What You Will Learn

  - Gain an in-depth understanding of Android and iOS architecture and the latest changes.
  - Discover how to work with different tool suites to assess any application.
  - Develop different strategies and techniques to connect to a mobile device.
  - Create a foundation for mobile application security principles.
  - Grasp techniques to attack different components of an Android device and the different functionalities of an iOS device.
  - Get to know secure development strategies for both iOS and Android applications.
  - Gain an understanding of threat modeling mobile applications.
  - Get an in-depth understanding of both Android and iOS implementation vulnerabilities and how to provide counter-measures while developing a mobile app.

In Detail

Mobile security has come a long way over the last few years. It has transitioned from "should it be done?" to "it must be done!" Alongside the growing number of devices and applications, there is also a growth in the volume of personally identifiable information (PII), financial data, and much more. This data needs to be secured. This is why pen-testing is so important to modern application developers.

You need to know how to secure user data, and find vulnerabilities and loopholes in your application that might lead to security breaches. This book gives you the necessary skills to security test your mobile applications as a beginner, developer, or security practitioner. You'll start by discovering the internal components of an Android and an iOS application. Moving ahead, you'll understand the inter-process working of these applications. Then you'll set up a test environment for these applications using various tools to identify the loopholes and vulnerabilities in the structure of the applications. Finally, after collecting all information about these security loopholes, we'll start securing our applications from these threats.

Style and approach

This is an easy-to-follow guide full of hands-on examples of real-world attack simulations. Each topic is explained in context with respect to testing, and for the more inquisitive, there are more details on the concepts and techniques used for different platforms.

eBook, Electronic resource, Book. English. Electronic books.
Published Birmingham, UK : Packt Publishing 2016

Details

Statement of responsibility: Vijay Kumar Velu
ISBN: 1785883372, 1785888692, 9781785883378, 9781785888694
EAN: 9781785883378
Note: Online resource; title from cover page (Safari, viewed March 30, 2016).
Note: Includes index.
Physical Description: 1 online resource (1 volume) : illustrations.
Other Number: 9781785883378
Series: Community experience distilled
Subject: Penetration testing (Computer security); Application software -- Testing; COMPUTERS / Software Development & Engineering / Quality Assurance & Testing.
Series Title: Community experience distilled.
Local note: eBooks on EBSCOhost EBSCO eBooks for FE Collection (UK)

Contents

  1. Cover
  2. Copyright
  3. Credits
  4. About the Author
  5. About the Reviewers
  6. www.PacktPub.com
  7. Table of Contents
  8. Preface
  9. Chapter 1: The Mobile Application Security Landscape
  10. The smartphone market share
  11. The Android operating system
  12. The iPhone operating system (iOS)
  13. Different types of mobile applications
  14. Native apps
  15. Mobile web apps
  16. Hybrid apps
  17. Public Android and iOS vulnerabilities
  18. Android vulnerabilities
  19. iOS vulnerabilities
  20. The key challenges in mobile application security
  21. The impact of mobile application security
  22. The need for mobile application penetration testing
  23. Current market reaction
  24. The mobile application penetration testing methodology
  25. Discovery
  26. Analysis/assessment
  27. Exploitation
  28. Reporting
  29. The OWASP mobile security project
  30. OWASP mobile top 10 risks
  31. Vulnerable applications to practice
  32. Summary
  33. Chapter 2: Snooping Around the Architecture
  34. The importance of architecture
  35. The Android architecture
  36. The Linux kernel
  37. Confusion between Linux and the Linux kernel
  38. Android runtime
  39. The Java virtual machine
  40. The Dalvik virtual machine
  41. Zygote
  42. Core Java libraries
  43. ART
  44. Native libraries
  45. The application framework
  46. The applications layer
  47. Native Android or system apps
  48. User-installed or custom apps
  49. The Android software development kit
  50. Android application packages (APK)
  51. Android application components
  52. Intent
  53. Activity
  54. Services
  55. Broadcast receivers
  56. Content providers
  57. Android Debug Bridge
  58. Application sandboxing
  59. Application signing
  60. Secure inter-process communication
  61. The Binder process
  62. The Android permission model
  63. The Android application build process
  64. Android rooting
  65. iOS architecture
  66. Cocoa Touch
  67. Media
  68. Core services
  69. Core OS
  70. iOS SDK and Xcode
  71. iOS application programming languages
  72. Objective-C
  73. The Objective-C runtime
  74. Swift
  75. Understanding application states
  76. Apple's iOS security model
  77. Device-level security
  78. System-level security
  79. An introduction to the secure boot chain
  80. System software authorization
  81. Secure Enclave
  82. Data-level security
  83. Data-protection classes
  84. Keychain data protection
  85. Changes in iOS 8 and 9
  86. Network-level security
  87. Application-level security
  88. Application code signing
  89. The iOS app sandbox
  90. iOS isolation
  91. Process isolation
  92. Filesystem isolation
  93. ASLR
  94. Stack protection (non-executable stack and heap)
  95. Hardware-level security
  96. iOS permissions
  97. The iOS application structure
  98. Jailbreaking
  99. Why jailbreak a device?
  100. Types of jailbreaks
  101. Untethered jailbreaks
  102. Tethered jailbreaks
  103. Semi-tethered jailbreaks
  104. Jailbreaking tools at a glance
  105. The Mach-O binary file format
  106. Inspecting a Mach-O binary
  107. Property lists
  108. Exploring the iOS filesystem
  109. Summary
  110. Chapter 3: Building a Test Environment
  111. Mobile app penetration testing environment setup
  112. Android Studio and SDK
  113. The Android SDK
  114. The Android Debug Bridge
  115. Connecting to the device
  116. Getting access to the device
  117. Installing an application to the device
  118. Extracting files from the device
  119. Storing files to the device
  120. Stopping the service