05338nam 22006491 450 991079073670332120200520144314.01-78216-717-X(CKB)2550000001175408(EBL)1593872(SSID)ssj0001139376(PQKBManifestationID)11626133(PQKBTitleCode)TC0001139376(PQKBWorkID)11184136(PQKB)10310121(Au-PeEL)EBL1593872(CaPaEBR)ebr10825546(CaONFJC)MIL556676(OCoLC)866840167(CaSebORM)9781782167167(MiAaPQ)EBC1593872(PPN)228031117(EXLCZ)99255000000117540820140104d2013 uy 0engur|n|---|||||txtccrAndroid security cookbook /Keith Makan, Scott Alexander-Brown1st editionBirmingham :Packt Publishing,2013.1 online resource (350 p.)Includes index.1-78216-716-1 1-306-25425-6 Cover; Copyright; Credits; About the Authors; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Android Development Tools; Introduction; Installing the Android Development Tools (ADT); Installing the Java Development Kit (JDK); Updating the API sources; Alternative installation of the ADT; Installing the Native Development Kit (NDK); Emulating Android; Creating Android Virtual Devices (AVDs); Using the Android Debug Bridge (ADB) to interact with the AVDs; Copying files off/onto an AVD; Installing applications onto the AVDs via ADBChapter 2: Engaging with Application SecurityIntroduction; Inspecting application certificates and signatures; Signing Android applications; Verifying application signatures; Inspecting the AndroidManifest.xml file; Interacting with the activity manager via ADB; Extracting application resources via ADB; Chapter 3: Android Security Assessment Tools; Introduction; Installing and setting up Santoku; Setting up drozer; Running a drozer session; Enumerating installed packages; Enumerating activities; Enumerating content providers; Enumerating services; Enumerating broadcast receiversDetermining application attack surfacesLaunching activities; Writing a drozer module - a device enumeration module; Writing an application certificate enumerator; Chapter 4: Exploiting Applications; Introduction; Information disclosure via logcat; Inspecting network traffic; Passive intent sniffing via the activity manager; Attacking services; Attacking broadcast receivers; Enumerating vulnerable content providers; Extracting data from vulnerable content providers; Inserting data into content providers; Enumerating SQL-injection vulnerable content providers; Exploiting debuggable applicationsMan in the middle attacks on applicationsChapter 5: Protecting Applications; Introduction; Securing application components; Protecting components with custom permissions; Protecting content provider paths; Defending against SQL injection attack; Application signature verification (anti-tamper); Tamper protection by detecting the installer, emulator, and debug flag; Removing all log messages with ProGuard; Advanced code obfuscation with DexGuard; Chapter 6: Reverse Engineering Applications; Introduction; Compiling from Java to DEX; Decompiling DEX files; Interpreting the Dalvik bytecodeDecompiling DEX to JavaDecompiling application native libraries; Debugging the Android processes using the GDB server; Chapter 7: Secure Networking; Introduction; Validating self-signed SSL certificates; Using StrongTrustManager from the OnionKit library; SSL pinning; Chapter 8: Native Exploitation and Analysis; Introduction; Inspecting file permissions; Cross-compiling native executables; Exploitation of race condition vulnerabilities; Stack memory corruption exploitation; Automated native Android fuzzing; Chapter 9: Encryption and Developing Device Administration Policies; IntroductionUsing cryptography librariesAndroid Security Cookbook' breaks down and enumerates the processes used to exploit and remediate Android app security vulnerabilities in the form of detailed recipes and walkthroughs.""Android Security Cookbook"" is aimed at anyone who is curious about Android app security and wants to be able to take the necessary practical measures to protect themselves; this means that Android application developers, security researchers and analysts, penetration testers, and generally any CIO, CTO, or IT managers facing the impeding onslaught of mobile devices in the business environment will benefit fromOperating systems (Computers)Security measuresSmartphonesSecurity measuresOperating systems (Computers)Security measures.SmartphonesSecurity measures.005.258Makan Keith1492240Alexander-Brown Scott1510052MiAaPQMiAaPQMiAaPQBOOK9910790736703321Android security cookbook3742345UNINA