Salient Features: The book contains a number of sections addressing mobile application security issues on the Apple iOS, Google Android, BlackBerry 10 and Windows Mobile platforms. In addition to this we propose to include sections on cross-platform Mobile Enterprise Application Platform Apps and a generic mobile application testing methodology.

Insecure data storage - understanding the different types of client-side storage for each platform and how these can be identified. This includes source code demonstrating insecure implementations and case studies of real-world Apps.

Broken cryptography - understanding how poorly implemented cryptography can be defeated. This includes source code examples of insecure implementations.

Insufficient transport layer protection - detailing how to identify insecure transport security and perform practical attacks against it. This includes practical examples on how to set up an environment for identifying such insecurities, insecure code examples and advice on implementing protection mechanisms.

Data leakage - understanding the different types of unintentional data leakage that can arise on each of the different platforms, including caches, keystrokes, logging, images and browser data stores.

Injection attacks - detailing the various injection attacks that can occur in mobile Apps, including but not limited to SQL injection, Cross-Site Scripting, XML injection and file inclusion vulnerabilities. This includes practical examples of how to perform these attacks, case studies of real-world Apps and advice on remedial action.

Bypassing security controls - detailing how to bypass various security controls such as but not limited to jailbreak/root detection, tamper detection, runtime protection and anti-debugging. This includes practical examples of how to develop extensions to perform these attacks, including detailed instructions on how to use existing tools.

Cross Platform Apps - providing detailed information on how cross-platform Apps work, the different attack categories that apply to these Apps and detailing practical steps to evaluate and exploit these vulnerabilities. This includes case studies from various MEAP applications and source code examples for various exploit payloads.

Mobile App Testing Methodology - describing a detailed and proven methodology that introduces a thorough and comprehensive guide to assessing the security of mobile applications.
Table of Contents:
Introduction
Chapter 1: Mobile Application (In)security
Chapter 2: Analyzing iOS Applications
Chapter 3: Attacking iOS Applications
Chapter 4: Identifying iOS Implementation Insecurities
Chapter 5: Writing Secure iOS Applications
Chapter 6: Analyzing Android Applications
Chapter 7: Attacking Android Applications
Chapter 8: Identifying and Exploiting Android Implementation Issues
Chapter 9: Writing Secure Android Applications
Chapter 10: Analyzing Windows Phone Applications
Chapter 11: Attacking Windows Phone Applications
Chapter 12: Identifying Windows Phone Implementation Issues
Chapter 13: Writing Secure Windows Phone Applications
Chapter 14: Analyzing BlackBerry Applications
Chapter 15: Attacking BlackBerry Applications
Chapter 16: Identifying BlackBerry Application Issues
Chapter 17: Writing Secure BlackBerry Applications
Chapter 18: Cross Platform Mobile Applications
Index

ISBN - 9788126554911
Pages : 812