Mobile Application Penetration Testing
Read it now on the O’Reilly learning platform with a 10-day free trial.
O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
Book description
Explore real-world threat scenarios, attacks on mobile applications, and ways to counter them
About This Book
- Gain insights into the current threat landscape of mobile applications in particular
- Explore the different options that are available on mobile platforms and prevent circumventions made by attackers
- This is a step-by-step guide to setting up your own mobile penetration testing environment
Who This Book Is For
If you are a mobile application evangelist, mobile application developer, information security practitioner, penetration tester on infrastructure web applications, an application security professional, or someone who wants to learn mobile application security as a career, then this book is for you. This book will provide you with all the skills you need to get started with Android and iOS pen-testing.
What You Will Learn
- Gain an in-depth understanding of Android and iOS architecture and the latest changes
- Discover how to work with different tool suites to assess any application
- Develop different strategies and techniques to connect to a mobile device
- Create a foundation for mobile application security principles
- Grasp techniques to attack different components of an Android device and the different functionalities of an iOS device
- Get to know secure development strategies for both iOS and Android applications
- Gain an understanding of threat modeling mobile applications
- Get an in-depth understanding of both Android and iOS implementation vulnerabilities and how to provide counter-measures while developing a mobile app
Mobile security has come a long way over the last few years. It has transitioned from "should it be done?" to "it must be done!"Alongside the growing number of devises and applications, there is also a growth in the volume of Personally identifiable information (PII), Financial Data, and much more. This data needs to be secured.
This is why Pen-testing is so important to modern application developers. You need to know how to secure user data, and find vulnerabilities and loopholes in your application that might lead to security breaches.
This book gives you the necessary skills to security test your mobile applications as a beginner, developer, or security practitioner. You'll start by discovering the internal components of an Android and an iOS application. Moving ahead, you'll understand the inter-process working of these applications. Then you'll set up a test environment for this application using various tools to identify the loopholes and vulnerabilities in the structure of the applications. Finally, after collecting all information about these security loop holes, we'll start securing our applications from these threats.
Style and approach
This is an easy-to-follow guide full of hands-on examples of real-world attack simulations. Each topic is explained in context with respect to testing, and for the more inquisitive, there are more details on the concepts and techniques used for different platforms.
Show and hide more
Table of contents Product information
Table of contents
- Mobile Application Penetration Testing
- Table of Contents
- Mobile Application Penetration Testing
- Credits
- About the Author
- About the Reviewers
- www.PacktPub.com
- eBooks, discount offers, and more
- Why subscribe?
- What this book covers
- What you need for this book
- Who this book is for
- Conventions
- Reader feedback
- Customer support
- Downloading the color images of this book
- Errata
- Piracy
- Questions
- The smartphone market share
- The android operating system
- The iPhone operating system (iOS)
- Native apps
- Mobile web apps
- Hybrid apps
- Android vulnerabilities
- iOS vulnerabilities
- The impact of mobile application security
- The need for mobile application penetration testing
- Current market reaction
- Discovery
- Analysis/assessment
- Exploitation
- Reporting
- Vulnerable applications to practice
- The importance of architecture
- The Android architecture
- The Linux kernel
- Confusion between Linux and the Linux kernel
- Zygote
- Native Android or system apps
- User-installed or custom apps
- The Android software development kit
- Android application packages (APK)
- AndroidManifest.xml
- The structure of the Android manifest file
- Intent
- Activity
- Services
- Unbound or start services
- Bound service
- The Binder process
- Cocoa Touch
- Media
- Core services
- Core OS
- Objective-C
- The Objective-C runtime
- Device-level security
- System-level security
- An introduction to the secure boot chain
- System software authorization
- Secure Enclave
- Touch ID
- Data-protection classes
- Keychain data protection
- Network-level security
- Application-level security
- Application code signing
- Process isolation
- Filesystem isolation
- ASLR
- Stack protection (non-executable stack and heap)
- Why jailbreak a device?
- Types of jailbreaks
- Untethered jailbreaks
- Tethered jailbreaks
- Semi-tethered jailbreaks
- Inspecting a Mach-O binary
- Mobile app penetration testing environment setup
- Android Studio and SDK
- The Android SDK
- Connecting to the device
- Getting access to the device
- Installing an application to the device
- Extracting files from the device
- Storing files to the device
- Stopping the service
- Viewing the log information
- Sideloading apps
- Monkeyrunner
- Creating an Android virtual emulator
- Installing an application to the Genymotion emulator
- Installing the vulnerable app to Genymotion
- Installing the Genymotion plugin to Android Studio
- ARM apps and Play Store in Genymotion
- Setting up the proxy in Wi-Fi settings
- Setting up the proxy on mobile carrier settings
- Cydia
- BigBoss tools
- Darwins CC tools
- iPA Installer
- Tcpdump
- iOS SSL kill-switch
- Cycript, Clutch, and class-dump
- iFunbox at glance
- Accessing SSH without Wi-Fi
- Accessing SSH with Wi-Fi
- Installing DVIA to the device
- Configuring the HTTP proxy in Apple devices
- Simulators
- Emulators
- Pros
- Cons
- Pros
- Cons
- Android security tools
- APKAnalyser
- The drozer tool
- Installing drozer on Genymotion
- How to make apps debuggable?
- Isn't Androguard only a malware analysis tool?
- Androguard's androlyze shell environment
- Automating the analysis of multiple files
- Debugging
- Attaching
- Installing Burp CA certificate to the device
- oTool
- SSL Kill Switch
- The keychain dumper
- LLDB
- Clutch
- Class-dump-z
- Instrumenting with Cycript
- Instrumentation using Frida
- Hopper
- Snoop-it
- Installing Burp CA certificate to an iOS device
- Assets
- Threats
- Threat agents
- Mobile application architecture
- Mobile applications and device data
- Identifying threat agents
- Modes of attacks
- Security controls
- The attacker view
- The device or system view
- Discovering potential threats
- STRIDE
- PASTA
- Trike
- Spoofing
- Tampering
- Repudiation
- Information disclosure
- Denial of service (DoS)
- Elevation of privilege
- Attack scenarios
- A sample attack tree for a stolen or missing device
- A list of free tools
- A commercial tool
- Business risk
- Technical risk
- Setting up the target app
- Backend server setup
- Attacking activities
- Attacking services
- Attacking broadcast receivers
- Attacking content providers
- SSL pinning
- Setting up the target
- Storage/archive analysis
- Plist files
- Client-side data stores
- The keychain data
- HTTP response caching
- Extracting the class information
- Strings
- Memory management
- Stack smashing protection
- OpenURL schemes
- The Bypass login method
- Sensitive information in the memory
- SQL injection
- UIWebView injections
- Beating the SSL cert pinning
- Pasteboard information leakage
- Keyboard logs
- App state preservation
- Secure by design
- Security mind map for developers (iOS and Android)
- Device level
- Platform (OS) level
- Screenshots/snapshots
- System caching and logs
- Cut, copy, and paste
- iOS cookie and keychains
- BinaryCookies
- Keychains
- App storage protection
- Property lists/shared preferences
- Property lists in iOS
- Shared preferences in Android
- Backup settings
- Disable debug
- Use the latest API version
- Securing Android components
- Securing activities
- Securing services
- Securing content providers
- Securing broadcast receivers
- Verify exported components
- iOS
- Android
- Key management
- iOS
- Android
- Jailbreak detection
- Filesystem-based detection
- API-based detection
- Command detection method
- Stack-smashing protection
- Runtime protection
- Certificate pinning
- Cipher suites
- CFNetwork usage
- Secure caching
- Authentication
- Authorization
- Input/output validations
- Injection flaws
- Session management
- Information leakage
- Mobile app developers checklist
- Android
- iOS
- Vendor-neutral advice
- Developer cheat sheet
- Developer policies
- Keeping up to date
Show and hide more
Product information
- Title: Mobile Application Penetration Testing
- Author(s): Vijay Kumar Velu
- Release date: March 2016
- Publisher(s): Packt Publishing
- ISBN: 9781785883378
