LEADER 05044nam 2200685 450 001 9910822306003321 005 20200520144314.0 010 $a1-78328-899-X 035 $a(CKB)2550000001250851 035 $a(EBL)1644013 035 $a(SSID)ssj0001212219 035 $a(PQKBManifestationID)11718064 035 $a(PQKBTitleCode)TC0001212219 035 $a(PQKBWorkID)11209831 035 $a(PQKB)10966260 035 $a(MiAaPQ)EBC1644013 035 $a(Au-PeEL)EBL1644013 035 $a(CaPaEBR)ebr10854990 035 $a(CaONFJC)MIL585807 035 $a(OCoLC)875818937 035 $a(PPN)228027004 035 $a(EXLCZ)992550000001250851 100 $a20140413h20142014 uy 0 101 0 $aeng 135 $aur|n|---||||| 181 $ctxt 182 $cc 183 $acr 200 10$aLearning pentesting for Android devices $ea practical guide to learning penetration testing for Android devices and applications /$fAditya Gupta ; foreword by Elad Shapira ; cover Image by Michal Jasej 210 1$aBirmingham, England :$cPackt Publishing,$d2014. 210 4$d©2014 215 $a1 online resource (154 p.) 225 1 $aCommunity Experience Distilled 300 $aDescription based upon print version of record. 311 $a1-78328-898-1 311 $a1-306-54556-0 327 $aCover; Copyright; Credits; Foreword; About the Author; Acknowledgments; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Getting Started with Android Security; Introduction to Android; Digging deeper into Android; Sandboxing and the permission model; Application signing; Android startup process; Summary; Chapter 2: Preparing the Battlefield; Setting up the development environment; Creating an Android virtual device; Useful utilities for Android Pentest; Android Debug Bridge; Burp Suite; APKTool; Summary; Chapter 3: Reversing and Auditing Android Apps 327 $aAndroid application teardown; Reversing an Android application; Using Apktool to reverse an Android application; Auditing Android applications; Content provider leakage; Insecure file storage; Path traversal vulnerability/local file inclusion; Client-side injection attacks; OWASP top 10 for mobile; Summary; Chapter 4: Traffic Analysis for Android Devices; Android traffic interception; Ways of Android traffic
analysis; Passive analysis; Active analysis; HTTPS Proxy interception; Other ways for SSL Traffic interception; Extracting sensitive files from packet capture; Summary 327 $aChapter 5: Android Forensics; Types of forensics; Filesystems; Android filesystem partitions; Using dd to extract data; Using a custom recovery image; Using Andriller to extract an application's data; Using AFLogical to extract contacts, calls, and text messages; Dumping application databases manually; Logging the logcat; Using backup to extract an application's data; Summary; Chapter 6: Playing with SQLite; Understanding SQLite in depth; Analyzing a simple application using SQLite; Security vulnerability; Summary; Chapter 7: Lesser-known Android Attacks; Android WebView vulnerability 327 $aUsing WebView in the application; Identifying the vulnerability; Infecting legitimate APKs; Vulnerabilities in ad libraries; Cross Application Scripting in Android (XAS); Summary; Chapter 8: ARM Exploitation; Introduction to ARM architecture; Execution modes; Setting up the environment; Simple stack-based buffer overflow; Return-oriented programming; Android root exploits; Summary; Chapter 9: Writing the Pentest Report; Basics of a penetration testing report; Writing the pentest report; Executive summary; Vulnerabilities; Scope of the work; Tools used; Testing methodologies followed 327 $aRecommendations; Conclusion; Appendix; Summary; Index 330 $aThis is an easy-to-follow guide, full of hands-on and real-world examples of applications. Each of the vulnerabilities discussed in the book is accompanied with the practical approach to the vulnerability, and the underlying security issue. This book is intended for all those who are looking to get started in Android security or Android application penetration testing. You don't need to be an Android developer to learn from this book, but it is highly recommended that developers have some experience in order to learn how to create secure applications for Android. 
410 0$aCommunity experience distilled. 606 $aApplication software$xDesign 606 $aApplication software$xDevelopment 606 $aComputer networks$xSecurity measures 615 0$aApplication software$xDesign. 615 0$aApplication software$xDevelopment. 615 0$aComputer networks$xSecurity measures. 676 $a005.3 700 $aGupta$b Aditya$0882082 702 $aShapira$b Elad 702 $aJasej$b Michal 801 0$bMiAaPQ 801 1$bMiAaPQ 801 2$bMiAaPQ 906 $aBOOK 912 $a9910822306003321 996 $aLearning pentesting for Android devices$93975988 997 $aUNINA