Learning pentesting for Android devices : a practical guide to learning penetration testing for Android devices and applications / / Aditya Gupta ; foreword by Elad Shapira ; cover Image by Michal Jasej |
Autore | Gupta Aditya |
Pubbl/distr/stampa | Birmingham, England : , : Packt Publishing, , 2014 |
Descrizione fisica | 1 online resource (154 p.) |
Disciplina | 005.3 |
Collana | Community Experience Distilled |
Soggetto topico |
Application software - Design
Application software - Development Computer networks - Security measures |
Soggetto genere / forma | Electronic books. |
ISBN | 1-78328-899-X |
Formato | Materiale a stampa |
Livello bibliografico | Monografia |
Lingua di pubblicazione | eng |
Nota di contenuto |
Cover; Copyright; Credits; Foreword; About the Author; Acknowledgments; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Getting Started with Android Security; Introduction to Android; Digging deeper into Android; Sandboxing and the permission model; Application signing; Android startup process; Summary; Chapter 2: Preparing the Battlefield; Setting up the development environment; Creating an Android virtual device; Useful utilities for Android Pentest; Android Debug Bridge; Burp Suite; APKTool; Summary; Chapter 3: Reversing and Auditing Android Apps
Android application teardownReversing an Android application; Using Apktool to reverse an Android application; Auditing Android applications; Content provider leakage; Insecure file storage; Path traversal vulnerability/local file inclusion; Client-side injection attacks; OWASP top 10 for mobile; Summary; Chapter 4: Traffic Analysis for Android Devices; Android traffic interception; Ways of Android traffic analysis; Passive analysis; Active analysis; HTTPS Proxy interception; Other ways for SSL Traffic interception; Extracting sensitive files from packet capture; Summary Chapter 5: Android ForensicsTypes of forensics; Filesystems; Android filesystem partitions; Using dd to extract data; Using a custom recovery image; Using Andriller to extract an application's data; Using AFLogical to extract contacts, calls, and text messages; Dumping application databases manually; Logging the logcat; Using backup to extract an application's data; Summary; Chapter 6: Playing with SQLite; Understanding SQLite in depth; Analyzing a simple application using SQLite; Security vulnerability; Summary; Chapter 7: Lesser-known Android Attacks; Android WebView vulnerability Using WebView in the applicationIdentifying the vulnerability; Infecting legitimate APKs; Vulnerabilities in ad libraries; Cross Application Scripting in Android (XAS); Summary; Chapter 8: ARM Exploitation; Introduction to ARM architecture; Execution modes; Setting up the environment; Simple stack-based buffer overflow; Return-oriented programming; Android root exploits; Summary; Chapter 9: Writing the Pentest Report; Basics of a penetration testing report; Writing the pentest report; Executive summary; Vulnerabilities; Scope of the work; Tools used; Testing methodologies followed RecommendationsConclusion; Appendix; Summary; Index |
Record Nr. | UNINA-9910453751403321 |
Gupta Aditya | ||
Birmingham, England : , : Packt Publishing, , 2014 | ||
Materiale a stampa | ||
Lo trovi qui: Univ. Federico II | ||
|
Learning pentesting for Android devices : a practical guide to learning penetration testing for Android devices and applications / / Aditya Gupta ; foreword by Elad Shapira ; cover Image by Michal Jasej |
Autore | Gupta Aditya |
Pubbl/distr/stampa | Birmingham, England : , : Packt Publishing, , 2014 |
Descrizione fisica | 1 online resource (154 p.) |
Disciplina | 005.3 |
Collana | Community Experience Distilled |
Soggetto topico |
Application software - Design
Application software - Development Computer networks - Security measures |
ISBN | 1-78328-899-X |
Formato | Materiale a stampa |
Livello bibliografico | Monografia |
Lingua di pubblicazione | eng |
Nota di contenuto |
Cover; Copyright; Credits; Foreword; About the Author; Acknowledgments; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Getting Started with Android Security; Introduction to Android; Digging deeper into Android; Sandboxing and the permission model; Application signing; Android startup process; Summary; Chapter 2: Preparing the Battlefield; Setting up the development environment; Creating an Android virtual device; Useful utilities for Android Pentest; Android Debug Bridge; Burp Suite; APKTool; Summary; Chapter 3: Reversing and Auditing Android Apps
Android application teardownReversing an Android application; Using Apktool to reverse an Android application; Auditing Android applications; Content provider leakage; Insecure file storage; Path traversal vulnerability/local file inclusion; Client-side injection attacks; OWASP top 10 for mobile; Summary; Chapter 4: Traffic Analysis for Android Devices; Android traffic interception; Ways of Android traffic analysis; Passive analysis; Active analysis; HTTPS Proxy interception; Other ways for SSL Traffic interception; Extracting sensitive files from packet capture; Summary Chapter 5: Android ForensicsTypes of forensics; Filesystems; Android filesystem partitions; Using dd to extract data; Using a custom recovery image; Using Andriller to extract an application's data; Using AFLogical to extract contacts, calls, and text messages; Dumping application databases manually; Logging the logcat; Using backup to extract an application's data; Summary; Chapter 6: Playing with SQLite; Understanding SQLite in depth; Analyzing a simple application using SQLite; Security vulnerability; Summary; Chapter 7: Lesser-known Android Attacks; Android WebView vulnerability Using WebView in the applicationIdentifying the vulnerability; Infecting legitimate APKs; Vulnerabilities in ad libraries; Cross Application Scripting in Android (XAS); Summary; Chapter 8: ARM Exploitation; Introduction to ARM architecture; Execution modes; Setting up the environment; Simple stack-based buffer overflow; Return-oriented programming; Android root exploits; Summary; Chapter 9: Writing the Pentest Report; Basics of a penetration testing report; Writing the pentest report; Executive summary; Vulnerabilities; Scope of the work; Tools used; Testing methodologies followed RecommendationsConclusion; Appendix; Summary; Index |
Record Nr. | UNINA-9910791060703321 |
Gupta Aditya | ||
Birmingham, England : , : Packt Publishing, , 2014 | ||
Materiale a stampa | ||
Lo trovi qui: Univ. Federico II | ||
|
Learning pentesting for Android devices : a practical guide to learning penetration testing for Android devices and applications / / Aditya Gupta ; foreword by Elad Shapira ; cover Image by Michal Jasej |
Autore | Gupta Aditya |
Pubbl/distr/stampa | Birmingham, England : , : Packt Publishing, , 2014 |
Descrizione fisica | 1 online resource (154 p.) |
Disciplina | 005.3 |
Collana | Community Experience Distilled |
Soggetto topico |
Application software - Design
Application software - Development Computer networks - Security measures |
ISBN | 1-78328-899-X |
Formato | Materiale a stampa |
Livello bibliografico | Monografia |
Lingua di pubblicazione | eng |
Nota di contenuto |
Cover; Copyright; Credits; Foreword; About the Author; Acknowledgments; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: Getting Started with Android Security; Introduction to Android; Digging deeper into Android; Sandboxing and the permission model; Application signing; Android startup process; Summary; Chapter 2: Preparing the Battlefield; Setting up the development environment; Creating an Android virtual device; Useful utilities for Android Pentest; Android Debug Bridge; Burp Suite; APKTool; Summary; Chapter 3: Reversing and Auditing Android Apps
Android application teardownReversing an Android application; Using Apktool to reverse an Android application; Auditing Android applications; Content provider leakage; Insecure file storage; Path traversal vulnerability/local file inclusion; Client-side injection attacks; OWASP top 10 for mobile; Summary; Chapter 4: Traffic Analysis for Android Devices; Android traffic interception; Ways of Android traffic analysis; Passive analysis; Active analysis; HTTPS Proxy interception; Other ways for SSL Traffic interception; Extracting sensitive files from packet capture; Summary Chapter 5: Android ForensicsTypes of forensics; Filesystems; Android filesystem partitions; Using dd to extract data; Using a custom recovery image; Using Andriller to extract an application's data; Using AFLogical to extract contacts, calls, and text messages; Dumping application databases manually; Logging the logcat; Using backup to extract an application's data; Summary; Chapter 6: Playing with SQLite; Understanding SQLite in depth; Analyzing a simple application using SQLite; Security vulnerability; Summary; Chapter 7: Lesser-known Android Attacks; Android WebView vulnerability Using WebView in the applicationIdentifying the vulnerability; Infecting legitimate APKs; Vulnerabilities in ad libraries; Cross Application Scripting in Android (XAS); Summary; Chapter 8: ARM Exploitation; Introduction to ARM architecture; Execution modes; Setting up the environment; Simple stack-based buffer overflow; Return-oriented programming; Android root exploits; Summary; Chapter 9: Writing the Pentest Report; Basics of a penetration testing report; Writing the pentest report; Executive summary; Vulnerabilities; Scope of the work; Tools used; Testing methodologies followed RecommendationsConclusion; Appendix; Summary; Index |
Record Nr. | UNINA-9910822306003321 |
Gupta Aditya | ||
Birmingham, England : , : Packt Publishing, , 2014 | ||
Materiale a stampa | ||
Lo trovi qui: Univ. Federico II | ||
|