In this chapter, we have learned about the different types of vulnerabilities that are merely a combination of implementation and coding mistakes. We learned about the OWASP mobile Top 10 vulnerabilities, ranging from insecure storage, binary patching, cryptographic flaws, and network flaws to different ways to circumvent the security controls that are put in place by Apple. We also looked at some serious mistakes that a developer can potentially make during the development of the app, leaving backdoor information hardcoded and the disclosure of algorithms and other app critical functions that can be exploited. We now know how to attack both Android and iOS apps in general, from basic to medium level to identify vulnerabilities. Developers have the real responsibility on their shoulders when it comes to creating apps that have minimal security threats. We will discuss how we can achieve a reduction in the risk to apps to an acceptable level in the next chapter, Securing Your Android...
Mobile Application Penetration Testing
By :
Mobile Application Penetration Testing
By:
Overview of this book
Mobile security has come a long way over the last few years. It has transitioned from "should it be done?" to "it must be done!"Alongside the growing number of devises and applications, there is also a growth in the volume of Personally identifiable information (PII), Financial Data, and much more. This data needs to be secured.
This is why Pen-testing is so important to modern application developers. You need to know how to secure user data, and find vulnerabilities and loopholes in your application that might lead to security breaches.
This book gives you the necessary skills to security test your mobile applications as a beginner, developer, or security practitioner. You'll start by discovering the internal components of an Android and an iOS application. Moving ahead, you'll understand the inter-process working of these applications. Then you'll set up a test environment for this application using various tools to identify the loopholes and vulnerabilities in the structure of the applications. Finally, after collecting all information about these security loop holes, we'll start securing our applications from these threats.
Related Content you might be interested in
Current Title:
Mobile Application Penetration Testing
No titles found
Table of Contents (15 chapters)
Mobile Application Penetration Testing
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
Free Chapter
The Mobile Application Security Landscape
Snooping Around the Architecture
Building a Test Environment
Loading up – Mobile Pentesting Tools
Building Attack Paths – Threat Modeling an Application
Full Steam Ahead – Attacking Android Applications
Full Steam Ahead – Attacking iOS Applications
Securing Your Android and iOS Applications
Index
Customer Reviews