Insufficient transport layer protection is the third biggest risk in mobile devices according to the OWASP Mobile Top 10 (https://www.owasp.org/index.php/Projects/OWASP_Mobile_Security_Project_-_Top_Ten_Mobile_Risks). Imagine a scenario where an application submits the user's login credentials to the server via HTTP. What if the user is sitting in a coffee shop or at an airport and logs in to the application while someone is sniffing the network? The attacker will be able to get the entire login credentials of that user, which could be used for malicious purposes later. Now let's say the application does the authentication over HTTPS and the session management over HTTP, and passes the authentication cookies in the requests. In that case as well, the attacker will be able to get the authentication cookies by intercepting the network traffic while performing a man-in-the-middle attack. Using those authentication cookies, he could then directly...
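A defender-side check for the two cases described above, as an added example that is not from the book: it scans an exported request log for credentials submitted over HTTP and for cookies issued over HTTPS that later travel over HTTP. The flow record layout, the credential parameter names and the host are assumptions, and the sample flows are constructed.

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qsl, urlsplit

CRED_KEYS = {"password", "passwd", "pwd", "pass"}  # assumed parameter names

# Constructed sample flows (not captured traffic); host and values are placeholders.
SAMPLE_FLOWS = [
    {"url": "http://app.example.test/login",
     "body": "user=alice&password=example-password"},
    {"url": "https://app.example.test/login",
     "body": "user=alice&password=example-password",
     "resp_headers": {"Set-Cookie": "SESSIONID=abc123; Path=/; HttpOnly"}},
    {"url": "http://app.example.test/profile",
     "req_headers": {"Cookie": "SESSIONID=abc123"}},
    {"url": "https://app.example.test/profile",
     "req_headers": {"Cookie": "SESSIONID=abc123"}},
]

def audit_flows(flows):
    """Return (flow index, issue) pairs for cleartext credential and cookie exposure."""
    findings = []
    https_cookies = set()  # names of cookies issued over HTTPS so far
    for i, flow in enumerate(flows):
        parts = urlsplit(flow["url"])
        cleartext = parts.scheme == "http"

        # Case 1: login parameters in the query string or form body over HTTP.
        params = parse_qsl(parts.query) + parse_qsl(flow.get("body", ""))
        if cleartext and CRED_KEYS & {k.lower() for k, _ in params}:
            findings.append((i, "credentials sent over HTTP"))

        # Case 2: a cookie first issued over HTTPS is replayed in an HTTP request.
        sent = SimpleCookie(flow.get("req_headers", {}).get("Cookie", ""))
        leaked = https_cookies & set(sent.keys())
        if cleartext and leaked:
            findings.append((i, "HTTPS-issued cookie sent over HTTP: "
                             + ",".join(sorted(leaked))))

        # Remember HTTPS-issued cookies; a missing Secure flag is what lets
        # the client attach them to later HTTP requests.
        issued = SimpleCookie(flow.get("resp_headers", {}).get("Set-Cookie", ""))
        for name, morsel in issued.items():
            if not cleartext:
                https_cookies.add(name)
                if not morsel["secure"]:
                    findings.append((i, "cookie without Secure flag: " + name))
    return findings

if __name__ == "__main__":
    for index, issue in audit_flows(SAMPLE_FLOWS):
        print(index, issue)
```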
Learning Pentesting for Android Devices