Buy The Mobile Application Hacker's Handbook - Bookswagon
close menu
Bookswagon
search
My Account
Home > Computing and Information Technology Books > Computer security books > The Mobile Application Hacker's Handbook
The Mobile Application Hacker's Handbook

The Mobile Application Hacker's Handbook


     0     
5
4
3
2
1



Out of Stock


Notify me when this book is in stock
X
About the Book

See your app through a hacker's eyes to find the real sources of vulnerability

The Mobile Application Hacker's Handbook is a comprehensive guide to securing all mobile applications by approaching the issue from a hacker's point of view. Heavily practical, this book provides expert guidance toward discovering and exploiting flaws in mobile applications on the iOS, Android, Blackberry, and Windows Phone platforms. You will learn a proven methodology for approaching mobile application assessments, and the techniques used to prevent, disrupt, and remediate the various types of attacks. Coverage includes data storage, cryptography, transport layers, data leakage, injection attacks, runtime manipulation, security controls, and cross-platform apps, with vulnerabilities highlighted and detailed information on the methods hackers use to get around standard security.

Mobile applications are widely used in the consumer and enterprise markets to process and/or store sensitive data. There is currently little published on the topic of mobile security, but with over a million apps in the Apple App Store alone, the attack surface is significant. This book helps you secure mobile apps by demonstrating the ways in which hackers exploit weak points and flaws to gain access to data.

  • Understand the ways data can be stored, and how cryptography is defeated
  • Set up an environment for identifying insecurities and the data leakages that arise
  • Develop extensions to bypass security controls and perform injection attacks
  • Learn the different attacks that apply specifically to cross-platform apps

IT security breaches have made big headlines, with millions of consumers vulnerable as major corporations come under attack. Learning the tricks of the hacker's trade allows security professionals to lock the app up tight. For better mobile security and less vulnerable data, The Mobile Application Hacker's Handbook is a practical, comprehensive guide.



Table of Contents:

Introduction xxxi

Chapter 1 Mobile Application (In)security 1

The Evolution of Mobile Applications 2

Mobile Application Security 4

Summary 15

Chapter 2 Analyzing iOS Applications 17

Understanding the Security Model 17

Understanding iOS Applications 22

Jailbreaking Explained 29

Understanding the Data Protection API 43

Understanding the iOS Keychain 46

Understanding Touch ID 51

Reverse Engineering iOS Binaries 53

Summary 67

Chapter 3 Attacking iOS Applications 69

Introduction to Transport Security 69

Identifying Insecure Storage 81

Patching iOS Applications with Hopper 85

Attacking the iOS Runtime 92

Understanding Interprocess Communication 118

Attacking Using Injection 123

Summary 131

Chapter 4 Identifying iOS Implementation Insecurities 133

Disclosing Personally Identifi able Information 133

Identifying Data Leaks 136

Memory Corruption in iOS Applications 142

Summary 146

Chapter 5 Writing Secure iOS Applications 149

Protecting Data in Your Application 149

Avoiding Injection Vulnerabilities 156

Securing Your Application with Binary Protections 158

Summary 170

Chapter 6 Analyzing Android Applications 173

Creating Your First Android Environment 174

Understanding Android Applications 179

Understanding the Security Model 206

Reverse‐Engineering Applications 233

Summary 246

Chapter 7 Attacking Android Applications 247

Exposing Security Model Quirks 248

Attacking Application Components 255

Accessing Storage and Logging 304

Misusing Insecure Communications 312

Exploiting Other Vectors 326

Additional Testing Techniques 341

Summary 351

Chapter 8 Identifying and Exploiting Android Implementation Issues 353

Reviewing Pre‐Installed Applications 353

Exploiting Devices 365

Infiltrating User Data 416

Summary 426

Chapter 9 Writing Secure Android Applications 427

Principle of Least Exposure 427

Essential Security Mechanisms 429

Advanced Security Mechanisms 450

Slowing Down a Reverse Engineer 451

Summary 455

Chapter 10 Analyzing Windows Phone Applications 459

Understanding the Security Model 460

Understanding Windows Phone 8.x Applications 473

Developer Sideloading 483

Building a Test Environment 484

Analyzing Application Binaries 506

Summary 509

Chapter 11 Attacking Windows Phone Applications 511

Analyzing for Data Entry Points 511

Attacking Transport Security 525

Attacking WebBrowser and WebView Controls 534

Identifying Interprocess Communication Vulnerabilities 542

Attacking XML Parsing 560

Attacking Databases 568

Attacking File Handling 573

Patching .NET Assemblies 578

Summary 585

Chapter 12 Identifying Windows Phone Implementation Issues 587

Identifying Insecure Application Settings Storage 588

Identifying Data Leaks 591

Identifying Insecure Data Storage 593

Insecure Random Number Generation 601

Insecure Cryptography and Password Use 605

Identifying Native Code Vulnerabilities 616

Summary 626

Chapter 13 Writing Secure Windows Phone Applications 629

General Security Design Considerations 629

Storing and Encrypting Data Securely 630

Secure Random Number Generation 634

Securing Data in Memory and Wiping Memory 635

Avoiding SQLite Injection 636

Implementing Secure Communications 638

Avoiding Cross‐Site Scripting in WebViews and WebBrowser Components 640

Secure XML Parsing 642

Clearing Web Cache and Web Cookies 642

Avoiding Native Code Bugs 644

Using Exploit Mitigation Features 644

Summary 645

Chapter 14 Analyzing BlackBerry Applications 647

Understanding BlackBerry Legacy 647

Understanding BlackBerry 10 652

Understanding the BlackBerry 10 Security Model 660

BlackBerry 10 Jailbreaking 665

Using Developer Mode 666

The BlackBerry 10 Device Simulator 667

Accessing App Data from a Device 668

Accessing BAR Files 669

Looking at Applications 670

Summary 678

Chapter 15 Attacking BlackBerry Applications 681

Traversing Trust Boundaries 682

Summary 691

Chapter 16 Identifying BlackBerry Application Issues 693

Limiting Excessive Permissions 694

Resolving Data Storage Issues 695

Checking Data Transmission 696

Handling Personally Identifiable Information and Privacy 698

Ensuring Secure Development 700

Summary 704

Chapter 17 Writing Secure BlackBerry Applications 705

Securing BlackBerry OS 7.x and Earlier Legacy Java Applications 706

General Java Secure Development Principals 706

Making Apps Work with the Application Control Policies 706

Memory Cleaning 707

Controlling File Access and Encryption 709

SQLite Database Encryption 710

Persistent Store Access Control and Encryption 711

Securing BlackBerry 10 Native Applications 716

Securing BlackBerry 10 Cascades Applications 723

Securing BlackBerry 10 HTML5 and JavaScript (WebWorks) Applications 724

Securing Android Applications on BlackBerry 10 726

Summary 726

Chapter 18 Cross‐Platform Mobile Applications 729

Introduction to Cross‐Platform Mobile Applications 729

Bridging Native Functionality 731

Exploring PhoneGap and Apache Cordova 736

Summary 741

Index 743



About the Author :

DOMINIC CHELL is a director of MDSec and a recognized expert in mobile security, providing training to leading global organizations.

TYRONE ERASMUS is an expert on Android security and heads Mobile Practice at MWR InfoSecurity SA.

SHAUN COLLEY is a security consultant and researcher at IOActive specializing in mobile security and reverse engineering.

OLLIE WHITEHOUSE is Technical Director with NCC Group who has previously worked for BlackBerry and Symantec specialising in mobile security.



Review :

“..there is a shocking lack of published material on the topic of mobile security. The Mobile Application Hacker’s Handbook seeks to change this and be a positive movement to educating others in the topic of mobile security awareness.” (Vigilance-Security Magazine, March 2015)


Best Sellers


Product Details
  • ISBN-13: 9781118958520
  • Publisher: John Wiley & Sons Inc
  • Publisher Imprint: John Wiley & Sons Inc
  • Language: English
  • ISBN-10: 1118958527
  • Publisher Date: 11 Jun 2015
  • Binding: Digital (delivered electronically)
  • No of Pages: 816


Similar Products

Add Photo
Add Photo

Customer Reviews

REVIEWS      0     
Click Here To Be The First to Review this Product
The Mobile Application Hacker's Handbook
John Wiley & Sons Inc -
The Mobile Application Hacker's Handbook
Writing guidlines
We want to publish your review, so please:
  • keep your review on the product. Review's that defame author's character will be rejected.
  • Keep your review focused on the product.
  • Avoid writing about customer service. contact us instead if you have issue requiring immediate attention.
  • Refrain from mentioning competitors or the specific price you paid for the product.
  • Do not include any personally identifiable information, such as full names.

The Mobile Application Hacker's Handbook

Required fields are marked with *

Review Title*
Review
    Add Photo Add up to 6 photos
    Would you recommend this product to a friend?
    Tag this Book Read more
    Does your review contain spoilers?
    What type of reader best describes you?
    I agree to the terms & conditions
    You may receive emails regarding this submission. Any emails will include the ability to opt-out of future communications.

    CUSTOMER RATINGS AND REVIEWS AND QUESTIONS AND ANSWERS TERMS OF USE

    These Terms of Use govern your conduct associated with the Customer Ratings and Reviews and/or Questions and Answers service offered by Bookswagon (the "CRR Service").


    By submitting any content to Bookswagon, you guarantee that:
    • You are the sole author and owner of the intellectual property rights in the content;
    • All "moral rights" that you may have in such content have been voluntarily waived by you;
    • All content that you post is accurate;
    • You are at least 13 years old;
    • Use of the content you supply does not violate these Terms of Use and will not cause injury to any person or entity.
    You further agree that you may not submit any content:
    • That is known by you to be false, inaccurate or misleading;
    • That infringes any third party's copyright, patent, trademark, trade secret or other proprietary rights or rights of publicity or privacy;
    • That violates any law, statute, ordinance or regulation (including, but not limited to, those governing, consumer protection, unfair competition, anti-discrimination or false advertising);
    • That is, or may reasonably be considered to be, defamatory, libelous, hateful, racially or religiously biased or offensive, unlawfully threatening or unlawfully harassing to any individual, partnership or corporation;
    • For which you were compensated or granted any consideration by any unapproved third party;
    • That includes any information that references other websites, addresses, email addresses, contact information or phone numbers;
    • That contains any computer viruses, worms or other potentially damaging computer programs or files.
    You agree to indemnify and hold Bookswagon (and its officers, directors, agents, subsidiaries, joint ventures, employees and third-party service providers, including but not limited to Bazaarvoice, Inc.), harmless from all claims, demands, and damages (actual and consequential) of every kind and nature, known and unknown including reasonable attorneys' fees, arising out of a breach of your representations and warranties set forth above, or your violation of any law or the rights of a third party.


    For any content that you submit, you grant Bookswagon a perpetual, irrevocable, royalty-free, transferable right and license to use, copy, modify, delete in its entirety, adapt, publish, translate, create derivative works from and/or sell, transfer, and/or distribute such content and/or incorporate such content into any form, medium or technology throughout the world without compensation to you. Additionally,  Bookswagon may transfer or share any personal information that you submit with its third-party service providers, including but not limited to Bazaarvoice, Inc. in accordance with  Privacy Policy


    All content that you submit may be used at Bookswagon's sole discretion. Bookswagon reserves the right to change, condense, withhold publication, remove or delete any content on Bookswagon's website that Bookswagon deems, in its sole discretion, to violate the content guidelines or any other provision of these Terms of Use.  Bookswagon does not guarantee that you will have any recourse through Bookswagon to edit or delete any content you have submitted. Ratings and written comments are generally posted within two to four business days. However, Bookswagon reserves the right to remove or to refuse to post any submission to the extent authorized by law. You acknowledge that you, not Bookswagon, are responsible for the contents of your submission. None of the content that you submit shall be subject to any obligation of confidence on the part of Bookswagon, its agents, subsidiaries, affiliates, partners or third party service providers (including but not limited to Bazaarvoice, Inc.)and their respective directors, officers and employees.

    Accept

    Fresh on the Shelf


    Inspired by your browsing history


    Your review has been submitted!

    You've already reviewed this product!
    Your IP: 216.73.216.124 IN