Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Learning Pentesting for Android Devices
  • Table Of Contents Toc
Learning Pentesting for Android Devices

Learning Pentesting for Android Devices

By : Aditya Gupta
4.3 (11)
Buy this Book
close
close
Learning Pentesting for Android Devices

Learning Pentesting for Android Devices

4.3 (11)
By: Aditya Gupta
Buy this Book

Overview of this book

This is an easy-to-follow guide, full of hands-on and real-world examples of applications. Each of the vulnerabilities discussed in the book is accompanied with the practical approach to the vulnerability, and the underlying security issue. This book is intended for all those who are looking to get started in Android security or Android application penetration testing. You don’t need to be an Android developer to learn from this book, but it is highly recommended that developers have some experience in order to learn how to create secure applications for Android.
Table of Contents (11 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Lock Free Chapter
1
1. Getting Started with Android Security
Icon
1. Getting Started with Android Security
Icon
Introduction to Android
Icon
Digging deeper into Android
Icon
Sandboxing and the permission model
Icon
Application signing
Icon
Android startup process
Icon
Summary
2
2. Preparing the Battlefield
Icon
2. Preparing the Battlefield
Icon
Setting up the development environment
Icon
Useful utilities for Android Pentest
Icon
Summary
3
3. Reversing and Auditing Android Apps
Icon
3. Reversing and Auditing Android Apps
Icon
Android application teardown
Icon
Reversing an Android application
Icon
Using Apktool to reverse an Android application
Icon
Auditing Android applications
Icon
Content provider leakage
Icon
Insecure file storage
Icon
OWASP top 10 vulnerabilities for mobiles
Icon
Summary
4
4. Traffic Analysis for Android Devices
chevron up
Icon
4. Traffic Analysis for Android Devices
Icon
Android traffic interception
Icon
Ways to analyze Android traffic
Icon
HTTPS Proxy interception
Icon
Extracting sensitive files with packet capture
Icon
Summary
5
5. Android Forensics
Icon
5. Android Forensics
Icon
Types of forensics
Icon
Filesystems
Icon
Using dd to extract data
Icon
Using Andriller to extract an application's data
Icon
Using AFLogical to extract contacts, calls, and text messages
Icon
Dumping application databases manually
Icon
Logging the logcat
Icon
Using backup to extract an application's data
Icon
Summary
6
6. Playing with SQLite
Icon
6. Playing with SQLite
Icon
Understanding SQLite in depth
Icon
Security vulnerability
Icon
Summary
7
7. Lesser-known Android Attacks
Icon
7. Lesser-known Android Attacks
Icon
Android WebView vulnerability
Icon
Infecting legitimate APKs
Icon
Vulnerabilities in ad libraries
Icon
Cross-Application Scripting in Android
Icon
Summary
8
8. ARM Exploitation
Icon
8. ARM Exploitation
Icon
Introduction to ARM architecture
Icon
Setting up the environment
Icon
Simple stack-based buffer overflow
Icon
Return-oriented programming
Icon
Android root exploits
Icon
Summary
9
9. Writing the Pentest Report
Icon
9. Writing the Pentest Report
Icon
Basics of a penetration testing report
Icon
Writing the pentest report
Icon
Summary
Icon
Security Audit of
Icon
Table of Contents
Icon
1. Introduction
Icon
2. Auditing and Methodology
Icon
3. Conclusions
10
Index
Icon
Index

Android traffic interception

The insufficient transport layer protection is the third biggest risk in mobile devices according to OWASP Mobile Top10 (https://www.owasp.org/index.php/Projects/OWASP_Mobile_Security_Project_-_Top_Ten_Mobile_Risks). In fact, imagine a scenario where an application is submitting the user's login credentials via HTTP to the server. What if the user is sitting in a coffee shop or at an airport and is logging in to his application while someone is sniffing the network. The attacker will be able to get the entire login credentials of the particular user, which could be used for malicious purposes later. Let's say the application is doing the authentication over HTTPS, the session management over HTTP, and is passing the authentication cookies in the requests. In that case as well, the attacker will be able to get the authentication cookies by intercepting the network while performing a man-in-the-middle attack. Using those authentication cookies, he could...

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Learning Pentesting for Android Devices
End of Section 4
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon