Mobile Application Penetration Testing
If you are a mobile application evangelist, mobile application developer, information security practitioner, penetration tester on infrastructure web applications, an application security professional, or someone who wants to learn mobile application security as a career, then this book is for you. This book will provide you with all the skills you need to get started with Android and iOS pen-testing.
Table of contents (99 chapters)
- Cover
- Copyright information
- Credits
- About the Author
- About the Reviewers
- www.PacktPub.com
- Preface
- Chapter 1. The Mobile Application Security Landscape
- The smartphone market share
- Different types of mobile applications
- Public Android and iOS vulnerabilities
- The key challenges in mobile application security
- The mobile application penetration testing methodology
- The OWASP mobile security project
- OWASP mobile top 10 risks
- Summary
- Chapter 2. Snooping Around the Architecture
- The importance of architecture
- The Android architecture
- iOS architecture
- iOS SDK and Xcode
- iOS application programming languages
- Understanding application states
- Apple's iOS security model
- Changes in iOS 8 and 9
- iOS isolation
- Hardware-level security
- iOS permissions
- The iOS application structure
- Jailbreaking
- The Mach-O binary file format
- Property lists
- Exploring the iOS filesystem
- Summary
- Chapter 3. Building a Test Environment
- Mobile app penetration testing environment setup
- Android Studio and SDK
- The Android Debug Bridge
- Genymotion
- Configuring the emulator for HTTP proxy
- Google Nexus 5 – configuring the physical device
- The iOS SDK (Xcode)
- Setting up iPhone/iPad with necessary tools
- SSH clients – PuTTy and WinSCP
- Emulator simulators and real devices
- Summary
- Chapter 4. Loading up – Mobile Pentesting Tools
- Android security tools
- iOS security tools
- Summary
- Chapter 5. Building Attack Paths – Threat Modeling an Application
- Assets
- Threats
- Vulnerabilities
- Risk
- Approach to threat models
- Threat modeling a mobile application
- Summary
- Chapter 6. Full Steam Ahead – Attacking Android Applications
- Setting up the target app
- Analyzing the app using drozer
- Android components
- Attacking WebViews
- SQL injection
- Man-in-the-Middle (MitM) attacks
- Hardcoded credentials
- Encryption and decryption on the client side
- Runtime manipulation using JDWP
- Storage/archive analysis
- Log analysis
- Assessing implementation vulnerabilities
- Binary patching
- Summary
- Chapter 7. Full Steam Ahead – Attacking iOS Applications
- Setting up the target
- Storage/archive analysis
- Reverse engineering
- Static code analysis
- App patching using Hopper
- Hardcoded username and password
- Runtime manipulation using Cycript
- Dumpdecrypted
- Client-side injections
- Man-in-the-Middle attacks
- Implementation vulnerabilities
- Building a remote tracer using LLDB
- Snoop-IT for assessment
- Summary
- Chapter 8. Securing Your Android and iOS Applications
- Secure by design
- Security mind map for developers (iOS and Android)
- Device level
- Network level
- Server level
- OWASP mobile app security checklist
- Secure coding best practices
- Post-production protection
- Summary
- Index

Updated: 2021-07-16 12:47:05