PacktLib: Learning Pentesting for Android Devices

Credits

Foreword

About the Author

Acknowledgments

About the Reviewers

www.PacktPub.com

Preface

Getting Started with Android Security

Introduction to Android

Digging deeper into Android

Sandboxing and the permission model

Application signing

Android startup process

Summary

Preparing the Battlefield

Setting up the development environment

Useful utilities for Android Pentest

Summary

Reversing and Auditing Android Apps

Android application teardown

Reversing an Android application

Using Apktool to reverse an Android application

Auditing Android applications

Content provider leakage

Insecure file storage

OWASP top 10 vulnerabilities for mobiles

Summary

Traffic Analysis for Android Devices

Android traffic interception

Ways to analyze Android traffic

HTTPS Proxy interception

Extracting sensitive files with packet capture

Summary

Android Forensics

Types of forensics

Filesystems

Using dd to extract data

Using Andriller to extract an application's data

Using AFLogical to extract contacts, calls, and text messages

Dumping application databases manually

Logging the logcat

Using backup to extract an application's data

Summary

Playing with SQLite

Understanding SQLite in depth

Security vulnerability

Summary

Lesser-known Android Attacks

Android WebView vulnerability

Infecting legitimate APKs

Vulnerabilities in ad libraries

Cross-Application Scripting in Android

Summary

ARM Exploitation

Introduction to ARM architecture

Setting up the environment

Simple stack-based buffer overflow

Return-oriented programming

Android root exploits

Summary

Writing the Pentest Report

Basics of a penetration testing report

Writing the pentest report

Summary

Security Audit of

Table of Contents

1.

2. Auditing and Methodology

3. Conclusions

Index