Mobile Application Penetration Testing
Latest chapter: Index
If you are a mobile application evangelist, mobile application developer, information security practitioner, penetration tester on infrastructure web applications, an application security professional, or someone who wants to learn mobile application security as a career, then this book is for you. This book will provide you with all the skills you need to get started with Android and iOS pen-testing.
Table of contents (99 chapters)
- Cover
- Copyright information
- Credits
- About the Author
- About the Reviewers
- www.PacktPub.com
- Preface
- Chapter 1. The Mobile Application Security Landscape
- The smartphone market share
- Different types of mobile applications
- Public Android and iOS vulnerabilities
- The key challenges in mobile application security
- The mobile application penetration testing methodology
- The OWASP mobile security project
- OWASP mobile top 10 risks
- Summary
- Chapter 2. Snooping Around the Architecture
- The importance of architecture
- The Android architecture
- iOS architecture
- iOS SDK and Xcode
- iOS application programming languages
- Understanding application states
- Apple's iOS security model
- Changes in iOS 8 and 9
- iOS isolation
- Hardware-level security
- iOS permissions
- The iOS application structure
- Jailbreaking
- The Mach-O binary file format
- Property lists
- Exploring the iOS filesystem
- Summary
- Chapter 3. Building a Test Environment
- Mobile app penetration testing environment setup
- Android Studio and SDK
- The Android Debug Bridge
- Genymotion
- Configuring the emulator for HTTP proxy
- Google Nexus 5 – configuring the physical device
- The iOS SDK (Xcode)
- Setting up iPhone/iPad with necessary tools
- SSH clients – PuTTy and WinSCP
- Emulator simulators and real devices
- Summary
- Chapter 4. Loading up – Mobile Pentesting Tools
- Android security tools
- iOS security tools
- Summary
- Chapter 5. Building Attack Paths – Threat Modeling an Application
- Assets
- Threats
- Vulnerabilities
- Risk
- Approach to threat models
- Threat modeling a mobile application
- Summary
- Chapter 6. Full Steam Ahead – Attacking Android Applications
- Setting up the target app
- Analyzing the app using drozer
- Android components
- Attacking WebViews
- SQL injection
- Man-in-the-Middle (MitM) attacks
- Hardcoded credentials
- Encryption and decryption on the client side
- Runtime manipulation using JDWP
- Storage/archive analysis
- Log analysis
- Assessing implementation vulnerabilities
- Binary patching
- Summary
- Chapter 7. Full Steam Ahead – Attacking iOS Applications
- Setting up the target
- Storage/archive analysis
- Reverse engineering
- Static code analysis
- App patching using Hopper
- Hardcoded username and password
- Runtime manipulation using Cycript
- Dumpdecrypted
- Client-side injections
- Man-in-the-Middle attacks
- Implementation vulnerabilities
- Building a remote tracer using LLDB
- Snoop-IT for assessment
- Summary
- Chapter 8. Securing Your Android and iOS Applications
- Secure by design
- Security mind map for developers (iOS and Android)
- Device level
- Network level
- Server level
- OWASP mobile app security checklist
- Secure coding best practices
- Post-production protection
- Summary
- Index (updated: 2021-07-16 12:47:05)