Mobile Application Penetration Testing

Explore real-world threat scenarios, attacks on mobile applications, and ways to counter them

Author

Vijay Kumar Velu

Book Details

ISBN 13: 9781785883378
Paperback: 312 pages

Book Description

Mobile security has come a long way over the last few years. It has transitioned from "should it be done?" to "it must be done!" Alongside the growing number of devices and applications, there is also a growth in the volume of personally identifiable information (PII), financial data, and much more. This data needs to be secured.

This is why pen testing is so important to modern application developers. You need to know how to secure user data, and find vulnerabilities and loopholes in your application that might lead to security breaches.

This book gives you the necessary skills to security-test your mobile applications as a beginner, developer, or security practitioner. You'll start by discovering the internal components of an Android and an iOS application. Moving ahead, you'll understand the inter-process working of these applications. Then you'll set up a test environment for these applications using various tools to identify the loopholes and vulnerabilities in the structure of the applications. Finally, after collecting all information about these security loopholes, we'll start securing our applications from these threats.

Table of Contents

Chapter 1: The Mobile Application Security Landscape
The smartphone market share
Different types of mobile applications
Public Android and iOS vulnerabilities
The key challenges in mobile application security
The mobile application penetration testing methodology
The OWASP mobile security project
OWASP mobile top 10 risks
Summary
Chapter 2: Snooping Around the Architecture
The importance of architecture
The Android architecture
iOS architecture
iOS SDK and Xcode
iOS application programming languages
Understanding application states
Apple's iOS security model
Changes in iOS 8 and 9
iOS isolation
Hardware-level security
iOS permissions
The iOS application structure
Jailbreaking
The Mach-O binary file format
Property lists
Exploring the iOS filesystem
Summary
Chapter 3: Building a Test Environment
Mobile app penetration testing environment setup
Android Studio and SDK
The Android Debug Bridge
Genymotion
Configuring the emulator for HTTP proxy
Google Nexus 5 – configuring the physical device
The iOS SDK (Xcode)
Setting up iPhone/iPad with necessary tools
SSH clients – PuTTy and WinSCP
Emulator, simulators, and real devices
Summary
Chapter 4: Loading up – Mobile Pentesting Tools
Android security tools
iOS security tools
Summary
Chapter 5: Building Attack Paths – Threat Modeling an Application
Assets
Threats
Vulnerabilities
Risk
Approach to threat models
Threat modeling a mobile application
Summary
Chapter 6: Full Steam Ahead – Attacking Android Applications
Setting up the target app
Analyzing the app using drozer
Android components
Attacking WebViews
SQL injection
Man-in-the-Middle (MitM) attacks
Hardcoded credentials
Encryption and decryption on the client side
Runtime manipulation using JDWP
Storage/archive analysis
Log analysis
Assessing implementation vulnerabilities
Binary patching
Summary
Chapter 7: Full Steam Ahead – Attacking iOS Applications
Setting up the target
Storage/archive analysis
Reverse engineering
Static code analysis
App patching using Hopper
Hardcoded username and password
Runtime manipulation using Cycript
Dumpdecrypted
Client-side injections
Man-in-the-Middle attacks
Implementation vulnerabilities
Building a remote tracer using LLDB
Snoop-IT for assessment
Summary
Chapter 8: Securing Your Android and iOS Applications
Secure by design
Security mind map for developers (iOS and Android)
Device level
Network level
Server level
OWASP mobile app security checklist
Secure coding best practices
Post-production protection
Summary

What You Will Learn

  • Gain an in-depth understanding of Android and iOS architecture and the latest changes
  • Discover how to work with different tool suites to assess any application
  • Develop different strategies and techniques to connect to a mobile device
  • Create a foundation for mobile application security principles
  • Grasp techniques to attack different components of an Android device and the different functionalities of an iOS device
  • Get to know secure development strategies for both iOS and Android applications
  • Gain an understanding of threat modeling mobile applications
  • Get an in-depth understanding of both Android and iOS implementation vulnerabilities and how to provide counter-measures while developing a mobile app
