Learning Pentesting for Android Devices. Android’s popularity makes it a prime target for attacks, which is why this tutorial is so essential. It takes you from security basics to forensics and penetration testing in easy, user-friendly steps - Helion
ebook
Author: Aditya Gupta
Original title: Learning Pentesting for Android Devices. Android’s popularity makes it a prime target for attacks, which is why this tutorial is so essential. It takes you from security basics to forensics and penetration testing in easy, user-friendly steps.
ISBN: 9781783288991
Pages: 154, Format: ebook
Publication date: 2014-03-26
Bookstore: Helion
Table of contents
- Learning Pentesting for Android Devices
- Table of Contents
- Learning Pentesting for Android Devices
- Credits
- Foreword
- About the Author
- Acknowledgments
- About the Reviewers
- www.PacktPub.com
- Support files, eBooks, discount offers, and more
- Why subscribe?
- Free access for Packt account holders
- Preface
- What this book covers
- What you need for this book
- Who this book is for
- Conventions
- Reader feedback
- Customer support
- Downloading the example code
- Downloading the color images of the book
- Errata
- Piracy
- Questions
- 1. Getting Started with Android Security
- Introduction to Android
- Digging deeper into Android
- Sandboxing and the permission model
- Application signing
- Android startup process
- Summary
- 2. Preparing the Battlefield
- Setting up the development environment
- Creating an Android virtual device
- Useful utilities for Android Pentest
- Android Debug Bridge
- Burp Suite
- APKTool
- Summary
- 3. Reversing and Auditing Android Apps
- Android application teardown
- Reversing an Android application
- Using Apktool to reverse an Android application
- Auditing Android applications
- Content provider leakage
- Insecure file storage
- Path traversal vulnerability or local file inclusion
- Client-side injection attacks
- OWASP top 10 vulnerabilities for mobiles
- Summary
- 4. Traffic Analysis for Android Devices
- Android traffic interception
- Ways to analyze Android traffic
- Passive analysis
- Active analysis
- HTTPS Proxy interception
- Other ways to intercept SSL traffic
- Extracting sensitive files with packet capture
- Summary
- 5. Android Forensics
- Types of forensics
- Filesystems
- Android filesystem partitions
- Using dd to extract data
- Using a custom recovery image
- Using Andriller to extract an applications data
- Using AFLogical to extract contacts, calls, and text messages
- Dumping application databases manually
- Logging the logcat
- Using backup to extract an application's data
- Summary
- 6. Playing with SQLite
- Understanding SQLite in depth
- Analyzing a simple application using SQLite
- Security vulnerability
- Summary
- 7. Lesser-known Android Attacks
- Android WebView vulnerability
- Using WebView in the application
- Identifying the vulnerability
- Infecting legitimate APKs
- Vulnerabilities in ad libraries
- Cross-Application Scripting in Android
- Summary
- 8. ARM Exploitation
- Introduction to ARM architecture
- Execution modes
- Setting up the environment
- Simple stack-based buffer overflow
- Return-oriented programming
- Android root exploits
- Summary
- 9. Writing the Pentest Report
- Basics of a penetration testing report
- Writing the pentest report
- Executive summary
- Vulnerabilities
- Scope of the work
- Tools used
- Testing methodologies followed
- Recommendations
- Conclusion
- Appendix
- Summary
- Security Audit of
- Attify's Vulnerable App
- Table of Contents
- 1. Introduction
- 1.1 Executive Summary
- 1.2 Scope of the Work
- 1.3 Summary of Vulnerabilities
- 2. Auditing and Methodology
- 2.1 Tools Used
- 2.2 Vulnerabilities
- Issue #1: Injection vulnerabilities in the Android application
- Issue #2: Vulnerability in the WebView component
- Issue #3: No/Weak encryption
- Issue #4: Vulnerable content providers
- 3. Conclusions
- 3.1 Conclusions
- 3.2 Recommendations
- Index