
Introduction

Chapter 1 Mobile Application (In)security

The Evolution of Mobile Applications

Mobile Application Security

Summary

Chapter 2 Analyzing iOS Applications

Understanding the Security Model

Understanding iOS Applications

Jailbreaking Explained

Understanding the Data Protection API

Understanding the iOS Keychain

Understanding Touch ID

Reverse Engineering iOS Binaries

Summary

Chapter 3 Attacking iOS Applications

Introduction to Transport Security

Identifying Insecure Storage

Patching iOS Applications with Hopper

Attacking the iOS Runtime

Understanding Interprocess Communication

Attacking Using Injection

Summary

Chapter 4 Identifying iOS Implementation Insecurities

Disclosing Personally Identifiable Information

Identifying Data Leaks

Memory Corruption in iOS Applications

Summary

Chapter 5 Writing Secure iOS Applications

Protecting Data in Your Application

Avoiding Injection Vulnerabilities

Securing Your Application with Binary Protections

Summary

Chapter 6 Analyzing Android Applications

Creating Your First Android Environment

Understanding Android Applications

Understanding the Security Model

Reverse‐Engineering Applications

Summary

Chapter 7 Attacking Android Applications

Exposing Security Model Quirks

Attacking Application Components

Accessing Storage and Logging

Misusing Insecure Communications

Exploiting Other Vectors

Additional Testing Techniques

Summary

Chapter 8 Identifying and Exploiting Android Implementation Issues

Reviewing Pre‐Installed Applications

Exploiting Devices

Infiltrating User Data

Summary

Chapter 9 Writing Secure Android Applications

Principle of Least Exposure

Essential Security Mechanisms

Advanced Security Mechanisms

Slowing Down a Reverse Engineer

Summary

Chapter 10 Analyzing Windows Phone Applications

Understanding the Security Model

Understanding Windows Phone 8.x Applications

Developer Sideloading

Building a Test Environment

Analyzing Application Binaries

Summary

Chapter 11 Attacking Windows Phone Applications

Analyzing for Data Entry Points

Attacking Transport Security

Attacking WebBrowser and WebView Controls

Identifying Interprocess Communication Vulnerabilities

Attacking XML Parsing

Attacking Databases

Attacking File Handling

Patching .NET Assemblies

Summary

Chapter 12 Identifying Windows Phone Implementation Issues

Identifying Insecure Application Settings Storage

Identifying Data Leaks

Identifying Insecure Data Storage

Insecure Random Number Generation

Insecure Cryptography and Password Use

Identifying Native Code Vulnerabilities

Summary

Chapter 13 Writing Secure Windows Phone Applications

General Security Design Considerations

Storing and Encrypting Data Securely

Secure Random Number Generation

Securing Data in Memory and Wiping Memory

Avoiding SQLite Injection

Implementing Secure Communications

Avoiding Cross‐Site Scripting in WebViews and WebBrowser Components

Secure XML Parsing

Clearing Web Cache and Web Cookies

Avoiding Native Code Bugs

Using Exploit Mitigation Features

Summary

Chapter 14 Analyzing BlackBerry Applications

Understanding BlackBerry Legacy

Understanding BlackBerry 10

Understanding the BlackBerry 10 Security Model

BlackBerry 10 Jailbreaking

Using Developer Mode

The BlackBerry 10 Device Simulator

Accessing App Data from a Device

Accessing BAR Files

Looking at Applications

Summary

Chapter 15 Attacking BlackBerry Applications

Traversing Trust Boundaries

Summary

Chapter 16 Identifying BlackBerry Application Issues

Limiting Excessive Permissions

Resolving Data Storage Issues

Checking Data Transmission

Handling Personally Identifiable Information and Privacy

Ensuring Secure Development

Summary

Chapter 17 Writing Secure BlackBerry Applications

Securing BlackBerry OS 7.x and Earlier Legacy Java Applications

General Java Secure Development Principals

Making Apps Work with the Application Control Policies

Memory Cleaning

Controlling File Access and Encryption

SQLite Database Encryption

Persistent Store Access Control and Encryption

Securing BlackBerry 10 Native Applications

Securing BlackBerry 10 Cascades Applications

Securing BlackBerry 10 HTML5 and JavaScript (WebWorks) Applications

Securing Android Applications on BlackBerry 10

Summary

Chapter 18 Cross‐Platform Mobile Applications

Introduction to Cross‐Platform Mobile Applications

Bridging Native Functionality

Exploring PhoneGap and Apache Cordova

Summary

Index

  • Format: epub
  • ISBN: 9781118958513
  • Publisher: WILEY
  • Author: Ollie Whitehouse
  • Ean Code: 9781118958513
  • Book type: E-book
  • Language: English
  • DRM: Adobe DRM

The Mobile Application Hacker's Handbook