Learning Pentesting for Android Devices by Gupta, Aditya -- Read -- Imperial Library of Trantor

Log In

Or create an account ->

Imperial Library

Home
About
News
Upload
Forum

Help

Login/SignUp

Index

Learning Pentesting for Android Devices Credits Foreword About the Author Acknowledgments About the Reviewers www.PacktPub.com Support files, eBooks, discount offers, and more Why subscribe? Free access for Packt account holders Preface What this book covers What you need for this book Who this book is for Conventions Reader feedback Customer support Downloading the example code Downloading the color images of the book Errata Piracy Questions 1. Getting Started with Android Security Introduction to Android Digging deeper into Android Sandboxing and the permission model Application signing Android startup process Summary 2. Preparing the Battlefield Setting up the development environment Creating an Android virtual device Useful utilities for Android Pentest Android Debug Bridge Burp Suite APKTool Summary 3. Reversing and Auditing Android Apps Android application teardown Reversing an Android application Using Apktool to reverse an Android application Auditing Android applications Content provider leakage Insecure file storage Path traversal vulnerability or local file inclusion Client-side injection attacks OWASP top 10 vulnerabilities for mobiles Summary 4. Traffic Analysis for Android Devices Android traffic interception Ways to analyze Android traffic Passive analysis Active analysis HTTPS Proxy interception Other ways to intercept SSL traffic Extracting sensitive files with packet capture Summary 5. Android Forensics Types of forensics Filesystems Android filesystem partitions Using dd to extract data Using a custom recovery image Using Andriller to extract an application's data Using AFLogical to extract contacts, calls, and text messages Dumping application databases manually Logging the logcat Using backup to extract an application's data Summary 6. Playing with SQLite Understanding SQLite in depth Analyzing a simple application using SQLite Security vulnerability Summary 7. Lesser-known Android Attacks Android WebView vulnerability Using WebView in the application Identifying the vulnerability Infecting legitimate APKs Vulnerabilities in ad libraries Cross-Application Scripting in Android Summary 8. ARM Exploitation Introduction to ARM architecture Execution modes Setting up the environment Simple stack-based buffer overflow Return-oriented programming Android root exploits Summary 9. Writing the Pentest Report Basics of a penetration testing report Writing the pentest report Executive summary Vulnerabilities Scope of the work Tools used Testing methodologies followed Recommendations Conclusion Appendix Summary Security Audit of Attify's Vulnerable App Table of Contents 1. Introduction 1.1 Executive Summary 1.2 Scope of the Work 1.3 Summary of Vulnerabilities 2. Auditing and Methodology 2.1 Tools Used 2.2 Vulnerabilities Issue #1: Injection vulnerabilities in the Android application Issue #2: Vulnerability in the WebView component Issue #3: No/Weak encryption Issue #4: Vulnerable content providers 3. Conclusions 3.1 Conclusions 3.2 Recommendations Index

← Prev
Back
Next →

← Prev
Back
Next →

Chief Librarian: Las Zenow <zenow@riseup.net>
Fork the source code from gitlab.

This is a mirror of the Tor onion service:
http://kx5thpx2olielkihfyo4jgjqfb7zx7wxr3sd4xzt26ochei4m6f7tayd.onion