The Resource Mobile application penetration testing : explore real-world threat scenarios, attacks on mobile applications, and ways to counter them, Vijay Kumar Velu


Label
Mobile application penetration testing : explore real-world threat scenarios, attacks on mobile applications, and ways to counter them
Title
Mobile application penetration testing
Title remainder
explore real-world threat scenarios, attacks on mobile applications, and ways to counter them
Statement of responsibility
Vijay Kumar Velu
Creator
Author
Subject
Language
eng
Summary
Explore real-world threat scenarios, attacks on mobile applications, and ways to counter them

About This Book
  • Gain insights into the current threat landscape of mobile applications in particular
  • Explore the different options that are available on mobile platforms and prevent circumventions made by attackers
  • This is a step-by-step guide to setting up your own mobile penetration testing environment

Who This Book Is For
If you are a mobile application evangelist, mobile application developer, information security practitioner, penetration tester on infrastructure web applications, an application security professional, or someone who wants to learn mobile application security as a career, then this book is for you. This book will provide you with all the skills you need to get started with Android and iOS pen-testing.

What You Will Learn
  • Gain an in-depth understanding of Android and iOS architecture and the latest changes
  • Discover how to work with different tool suites to assess any application
  • Develop different strategies and techniques to connect to a mobile device
  • Create a foundation for mobile application security principles
  • Grasp techniques to attack different components of an Android device and the different functionalities of an iOS device
  • Get to know secure development strategies for both iOS and Android applications
  • Gain an understanding of threat modeling mobile applications
  • Get an in-depth understanding of both Android and iOS implementation vulnerabilities and how to provide counter-measures while developing a mobile app

In Detail
Mobile security has come a long way over the last few years. It has transitioned from "should it be done?" to "it must be done!" Alongside the growing number of devices and applications, there is also a growth in the volume of Personally identifiable information (PII), Financial Data, and much more. This data needs to be secured. This is why Pen-testing is so important to modern application developers. You need to know how to secure user data, and find vulnerabilities and loopholes in your application that might lead to security breaches. This book gives you the necessary skills to security test your mobile applications as a beginner, developer, or security practitioner. You'll start by discovering the internal components of an Android and an iOS application. Moving ahead, you'll understand the inter-process working of these applications. Then you'll set up a test environment for this application using various tools to identify the loopholes and vulnerabilities in the structure of the applications. Finally, after collecting all information about these security loopholes, we'll start securing our applications from these threats.

Style and approach
This is an easy-to-follow guide full of hands-on examples of real-world attack simulations. Each topic is explained in context with respect to testing, and for the more inquisitive, there are more details on the concepts and techniques used for different platforms.
Member of
Cataloging source
UMI
http://library.link/vocab/creatorName
Velu, Vijay Kumar
Dewey number
005.1/4
Illustrations
illustrations
Index
index present
LC call number
QA76.76.A65
LC item number
V45 2016
Literary form
non fiction
Nature of contents
dictionaries
Series statement
Community experience distilled
http://library.link/vocab/subjectName
  • Application software
  • Penetration testing (Computer security)
  • COMPUTERS
Label
Mobile application penetration testing : explore real-world threat scenarios, attacks on mobile applications, and ways to counter them, Vijay Kumar Velu
Instantiates
Publication
Note
Includes index
Carrier category
online resource
Carrier category code
  • cr
Carrier MARC source
rdacarrier
Content category
text
Content type code
  • txt
Content type MARC source
rdacontent
Contents
  • Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: The Mobile Application Security Landscape; The smartphone market share; The android operating system; The iPhone operating system (iOS); Different types of mobile applications; Native apps; Mobile web apps; Hybrid apps; Public Android and iOS vulnerabilities; Android vulnerabilities; iOS vulnerabilities; The key challenges in mobile application security; The impact of mobile application security; The need for mobile application penetration testing; Current market reaction
  • The mobile application penetration testing methodology; Discovery; Analysis/assessment; Exploitation; Reporting; The OWASP mobile security project; OWASP mobile top 10 risks; Vulnerable applications to practice; Summary; Chapter 2: Snooping Around the Architecture; The importance of architecture; The Android architecture; The Linux kernel; Confusion between Linux and the Linux kernel; Android runtime; The java virtual machine; The Dalvik virtual machine; Zygote; Core Java libraries; ART; Native libraries; The application framework; The applications layer; Native Android or system apps
  • User-installed or custom apps; The Android software development kit; Android application packages (APK); Android application components; Intent; Activity; Services; Broadcast receivers; Content providers; Android Debug Bridge; Application sandboxing; Application signing; Secure inter-process communication; The Binder process; The Android permission model; The Android application build process; Android rooting; iOS architecture; Cocoa Touch; Media; Core services; Core OS; iOS SDK and Xcode; iOS application programming languages; Objective-C; The Objective-C runtime; Swift
  • Understanding application states; Apple's iOS security model; Device-level security; System-level security; An introduction to the secure boot chain; System software authorization; Secure Enclave; Data-level security; Data-protection classes; Keychain data protection; Changes in iOS 8 and 9; Network-level security; Application-level security; Application code signing; The iOS app sandbox; iOS isolation; Process isolation; Filesystem isolation; ASLR; Stack protection (non-executable stack and heap); Hardware-level security; iOS permissions; The iOS application structure; Jailbreaking
  • Why jailbreak a device?; Types of jailbreaks; Untethered jailbreaks; Tethered jailbreaks; Semi-tethered jailbreaks; Jailbreaking tools at a glance; The Mach-O binary file format; Inspecting a Mach-O binary; Property lists; Exploring the iOS filesystem; Summary; Chapter 3: Building a Test Environment; Mobile app penetration testing environment setup; Android Studio and SDK; The Android SDK; The Android Debug Bridge; Connecting to the device; Getting access to the device; Installing an application to the device; Extracting files from the device; Storing files to the device; Stopping the service
Control code
945741125
Dimensions
unknown
Extent
1 online resource (1 volume)
Form of item
online
Isbn
9781785883378
Media category
computer
Media MARC source
rdamedia
Media type code
  • c
Other control number
9781785883378
Other physical details
illustrations.
http://library.link/vocab/ext/overdrive/overdriveId
cl0500000727
Sound
unknown sound
Specific material designation
remote
System control number
(OCoLC)945741125

Library Locations

    • Ellis Library
      1020 Lowry Street, Columbia, MO, 65201, US
      38.944491 -92.326012
    • Engineering Library & Technology Commons
      W2001 Lafferre Hall, Columbia, MO, 65211, US
      38.946102 -92.330125