The Mobile Application Hacker's Handbook.

By: Chell, Dominic.
Contributor(s): Erasmus, Tyrone | Colley, Shaun | Whitehouse, Ollie.
Material type: Text
Series: eBooks on Demand.
Publisher: New York : Wiley, 2015
Description: 1 online resource (744 p.).
ISBN: 9781118958513.
Subject(s): Android (Electronic resource) | Application software -- Development | Computer security | Mobile computing
Genre/Form: Electronic books.
Additional physical formats: Print version: The Mobile Application Hacker's Handbook
DDC classification: 005.8
LOC classification: QA76.774.A53 .C384 2015
Contents:
The Mobile Application Hacker's Handbook -- Contents -- Introduction -- Chapter 1 Mobile Application (In)security -- The Evolution of Mobile Applications -- Common Mobile Application Functions -- Benefits of Mobile Applications -- Mobile Application Security -- Key Problem Factors -- Underdeveloped Security Awareness -- Ever-Changing Attack Surfaces -- Economic and Time Constraints -- Custom Development -- The OWASP Mobile Security Project -- OWASP Mobile Top Ten -- OWASP Mobile Security Tools -- The Future of Mobile Application Security -- Summary -- Chapter 2 Analyzing iOS Applications
Understanding the Security Model -- Initializing iOS with Secure Boot Chain -- Introducing the Secure Enclave -- Restricting Application Processes with Code Signing -- Isolating Applications with Process-Level Sandboxing -- Protecting Information with Data-at-Rest Encryption -- Protecting Against Attacks with Exploit Mitigation Features -- Understanding iOS Applications -- Distribution of iOS Applications -- Apple App Store -- Enterprise Distribution -- Application Structure -- Installing Applications -- Understanding Application Permissions -- Jailbreaking Explained -- Reasons for Jailbreaking
Types of Jailbreaks -- Building a Test Environment -- Accessing the Device -- Building a Basic Toolkit -- Cydia -- BigBoss Recommended Tools -- Apple's CC Tools -- Debuggers -- Tools for Signing Binaries -- Installipa -- Exploring the Filesystem -- Property Lists -- Binary Cookies -- SQLite Databases -- Understanding the Data Protection API -- Understanding the iOS Keychain -- Access Control and Authentication Policies in iOS 8 -- Accessing the iOS Keychain -- Understanding Touch ID -- Reverse Engineering iOS Binaries -- Analyzing iOS Binaries -- Identifying Security-Related Features
Position-Independent Executable -- Stack-Smashing Protection -- Automatic Reference Counting -- Decrypting App Store Binaries -- Decrypting iOS Binaries Using a Debugger -- Automating the Decryption Process -- Inspecting Decrypted Binaries -- Inspecting Objective-C Applications -- Inspecting Swift Applications -- Disassembling and Decompiling iOS Applications -- Summary -- Chapter 3 Attacking iOS Applications -- Introduction to Transport Security -- Identifying Transport Insecurities -- Certificate Validation -- SSL Session Security -- Intercepting Encrypted Communications
Bypassing Certificate Pinning -- Identifying Insecure Storage -- Patching iOS Applications with Hopper -- Attacking the iOS Runtime -- Understanding Objective-C and Swift -- Instrumenting the iOS Runtime -- Introduction to Cydia Substrate -- Using the Cydia Substrate C API -- Tweak Development Using Theos and Logos -- Instrumentation Using Cycript -- Instrumentation Using Frida -- Instrumenting the Runtime Using the Dynamic Linker -- Instrumenting the Runtime Using the Dynamic Linker -- Inspecting iOS Applications using Snoop-it -- Understanding Interprocess Communication
Attacking Protocol Handlers
Summary: See your app through a hacker's eyes to find the real sources of vulnerability. The Mobile Application Hacker's Handbook is a comprehensive guide to securing all mobile applications by approaching the issue from a hacker's point of view. Heavily practical, this book provides expert guidance toward discovering and exploiting flaws in mobile applications on the iOS, Android, Blackberry, and Windows Phone platforms. You will learn a proven methodology for approaching mobile application assessments, and the techniques used to prevent, disrupt, and remediate the various types of attac
Item type: Electronic Book
Current location: UT Tyler Online, Online
Call number: QA76.774.A53 .C384 2015
URL: http://uttyler.eblib.com/patron/FullRecord.aspx?p=1895167
Status: Available
Barcode: EBL1895167

Description based upon print version of record.

Author notes provided by Syndetics

DOMINIC CHELL is a director of MDSec and a recognized expert in mobile security, providing training to leading global organizations.

TYRONE ERASMUS is an expert on Android security and heads Mobile Practice at MWR InfoSecurity SA.

SHAUN COLLEY is a security consultant and researcher at IOActive specializing in mobile security and reverse engineering.

OLLIE WHITEHOUSE is Technical Director with NCC Group who has previously worked for BlackBerry and Symantec specialising in mobile security.