Ebook Android Security- Attacks and Defenses

Android Security- Attacks and Defenses
Android Security- Attacks and Defenses

Download

THÔNG TIN TÀI LIỆU

Nhà xuất bản Taylor & Francis Group, LLC
Tác giả ABHISHEK DUBEY | ANMOL MISRA
Số trang 272
Ngày xuất bản 2013
File PDF

NỘI DUNG TÀI LIỆU
Chapter 1 Introduction 1
1.1 Why Android 1
1.2 Evolution of Mobile Threats 5
1.3 Android Overview 11
1.4 Android Marketplaces 13
1.5 Summary 15

Chapter 2 Android Architecture 17
2.1 Android Architecture Overview 17
2.1.1 Linux Kernel 18
2.1.2 Libraries 25
2.1.3 Android Runtime 26
2.1.4 Application Framework 26
2.1.5 Applications 27
2.2 Android Start Up and Zygote 28
2.3 Android SDK and Tools 28
2.3.1 Downloading and Installing the Android SDK 29
2.3.2 Developing with Eclipse and ADT 31
2.3.3 Android Tools 31
2.3.4 DDMS 34
2.3.5 ADB 35
2.3.6 ProGuard 35
2.4 Anatomy of the “Hello World” Application 39
2.4.1 Understanding Hello World 39
2.5 Summary 43

Chapter 3 Android Application Architecture 47
3.1 Application Components 47
3.1.1 Activities 48
3.1.2 Intents 51
3.1.3 Broadcast Receivers 57
3.1.4 Services 58
3.1.5 Content Providers 60
3.2 Activity Lifecycles 61
3.3 Summary 70

Chapter 4 Android (in)Security 71
4.1 Android Security Model 71
4.2 Permission Enforcement—Linux 72
4.3 Android’s Manifest Permissions 75
4.3.1 Requesting Permissions 76
4.3.2 Putting It All Together 79
4.4 Mobile Security Issues 86
4.4.1 Device 86
4.4.2 Patching 86
4.4.3 External Storage 87
4.4.4 Keyboards 87
4.4.5 Data Privacy 87
4.4.6 Application Security 87
4.4.7 Legacy Code 88
4.5 Recent Android Attacks—A Walkthrough 88
4.5.1 Analysis of DroidDream Variant 88
4.5.2 Analysis of Zsone 90
4.5.3 Analysis of Zitmo Trojan 91
4.6 Summary 93

Chapter 5 Pen Testing Android 97
5.1 Penetration Testing Methodology 97
5.1.1 External Penetration Test 98
5.1.2 Internal Penetration Test 98
5.1.3 Penetration Test Methodologies 99
5.1.4 Static Analysis 99
5.1.5 Steps to Pen Test Android OS and Devices 100
5.2 Tools for Penetration Testing Android 100
5.2.1 Nmap 100
5.2.2 BusyBox 101
5.2.3 Wireshark 103
5.2.4 Vulnerabilities in the Android OS 103
5.3 Penetration Testing—Android Applications 106
5.3.1 Android Applications 106
5.3.2 Application Security 113
5.4 Miscellaneous Issues 117
5.5 Summary 118

Chapter 6 Reverse Engineering Android Applications 119
6.1 Introduction 119
6.2 What is Malware? 121
6.3 Identifying Android Malware 122
6.4 Reverse Engineering Methodology for Android
Applications 123
6.5 Summary 144

Chapter 7 Modifying the Behavior of Android Applications
without Source Code 147
7.1 Introduction 147
7.1.1 To Add Malicious Behavior 148
7.1.2 To Eliminate Malicious Behavior 148
7.1.3 To Bypass Intended Functionality 148
7.2 DEX File Format 148
7.3 Case Study: Modifying the Behavior of an
Application 150
7.4 Real World Example 1—Google Wallet Vulnerability 161
7.5 Real World Example 2—Skype Vulnerability
(CVE-2011-1717) 162
7.6 Defensive Strategies 163
7.6.1 Perform Code Obfuscation 163
7.6.2 Perform Server Side Processing 167
7.6.3 Perform Iterative Hashing and Use Salt 167
7.6.4 Choose the Right Location for Sensitive
Information 167
7.6.5 Cryptography 168
7.6.6 Conclusion 168
7.7 Summary 168

Chapter 8 Hacking Android 169
8.1 Introduction 169
8.2 Android File System 170
8.2.1 Mount Points 170
8.2.2 File Systems 170
8.2.3 Directory Structure 170
8.3 Android Application Data 173
8.3.1 Storage Options 173
8.3.2 /data/data 176
8.4 Rooting Android Devices 178
8.5 Imaging Android 181
8.6 Accessing Application Databases 183
8.7 Extracting Data from Android Devices 187
8.8 Summary 187

Chapter 9 Securing Android for the Enterprise
Environment 193
9.1 Android in Enterprise 193
9.1.1 Security Concerns for Android in Enterprise 193Contents xi
9.1.2 End-User Awareness 197
9.1.3 Compliance/Audit Considerations 197
9.1.4 Recommended Security Practices for Mobile
Devices 198
9.2 Hardening Android 199
9.2.1 Deploying Android Securely 199
9.2.2 Device Administration 208
9.3 Summary 211

Chapter 10 Browser Security and Future Threat Landscape 213
10.1 Mobile HTML Security 213
10.1.1 Cross-Site Scripting 216
10.1.2 SQL Injection 217
10.1.3 Cross-Site Request Forgery 217
10.1.4 Phishing 217
10.2 Mobile Browser Security 218
10.2.1 Browser Vulnerabilities 218
10.3 The Future Landscape 220
10.3.1 The Phone as a Spying/Tracking Device 220
10.3.2 Controlling Corporate Networks and
Other Devices through Mobile Devices 221
10.3.3 Mobile Wallets and NFC 221
10.4 Summary 222
Appendix A 223
Appendix B 233
B.1 Views 233
B.2 Code Views 235
B.3 Keyboard Shortcuts 236
B.4 Options 236

Be the first to comment

Leave a Reply

Your email address will not be published.

*