Android Security Cookbook (e-book)

Author: Keith Makan

Publisher: Packt Publishing

Publication date: 2013-12-23

Word count: 2.169 million

Category: Imported books > Foreign-language originals > Computers/Networking

"Android Security Cookbook" breaks down and enumerates the processes used to exploit and remediate Android app security vulnerabilities in the form of detailed recipes and walkthroughs. "Android Security Cookbook" is aimed at anyone who is curious about Android app security and wants to be able to take the necessary practical measures to protect themselves; this means that Android application developers, security researchers and analysts, penetration testers, and generally any CIO, CTO, or IT manager facing the impending onslaught of mobile devices in the business environment will benefit from reading this book.
Android Security Cookbook

Table of Contents

Android Security Cookbook

Credits

About the Authors

About the Reviewers

www.PacktPub.com

Support files, eBooks, discount offers and more

Why Subscribe?

Free Access for Packt account holders

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the example code

Errata

Piracy

Questions

1. Android Development Tools

Introduction

Installing the Android Development Tools (ADT)

How to do it...

Installing the Java Development Kit (JDK)

How to do it...

There's more…

Updating the API sources

How to do it...

Alternative installation of the ADT

How to do it...

Installing the Native Development Kit (NDK)

How to do it...

Emulating Android

How to do it...

Creating Android Virtual Devices (AVDs)

How to do it…

There's more…

Emulating a memory card or an external storage

The partition sizes

See also

Using the Android Debug Bridge (ADB) to interact with the AVDs

How to do it...

There's more…

See also

Copying files off/onto an AVD

How to do it...

Installing applications onto the AVDs via ADB

How to do it...

2. Engaging with Application Security

Introduction

Inspecting application certificates and signatures

Getting ready

How to do it…

How it works…

There's more...

See also

Signing Android applications

Getting ready

How to do it...

How it works...

See also

Verifying application signatures

Getting ready

How to do it...

Inspecting the AndroidManifest.xml file

Getting ready

How to do it...

How it works...

See also

Interacting with the activity manager via ADB

Getting ready

How to do it…

There's more...

See also

Extracting application resources via ADB

Getting ready

How to do it…

There's more...

3. Android Security Assessment Tools

Introduction

Installing and setting up Santoku

Getting ready

How to do it...

There's more...

Setting up drozer

How to do it...

There's more…

Running a drozer session

How to do it...

Enumerating installed packages

How to do it...

How it works...

There's more...

See also

Enumerating activities

How to do it...

There's more...

See also

Enumerating content providers

How to do it...

How it works...

There's more...

See also

Enumerating services

How to do it...

How it works…

See also

Enumerating broadcast receivers

How to do it...

See also

Determining application attack surfaces

How to do it...

How it works…

See also

Launching activities

How to do it...

How it works...

There's more…

See also

Writing a drozer module – a device enumeration module

How to do it...

How it works...

See also

Writing an application certificate enumerator

How to do it...

4. Exploiting Applications

Introduction

Protecting user data

Protecting applications from one another (isolation and privilege separation)

Protecting communication of sensitive information

Information disclosure via logcat

Getting ready

How to do it...

There's more...

See also

Inspecting network traffic

Getting ready

How to do it…

How it works...

See also

Passive intent sniffing via the activity manager

Getting ready

How to do it...

How it works...

See also

Attacking services

How to do it...

See also

Attacking broadcast receivers

How to do it...

How it works…

See also

Enumerating vulnerable content providers

How to do it...

How it works...

See also

Extracting data from vulnerable content providers

How to do it...

See also

Inserting data into content providers

How to do it...

Enumerating SQL-injection vulnerable content providers

How to do it...

See also

Exploiting debuggable applications

How to do it...

See also

Man-in-the-middle attacks on applications

Getting ready

How to do it...

See also

5. Protecting Applications

Introduction

Securing application components

How to do it...

How it works…

See also

Protecting components with custom permissions

How to do it…

Defining a permission group

How it works...

See also

Protecting content provider paths

How to do it...

See also

Defending against the SQL-injection attack

How to do it...

See also

Application signature verification (anti-tamper)

Getting ready

How to do it...

There's more...

Responding to tamper detection

See also

Tamper protection by detecting the installer, emulator, and debug flag

How to do it...

How it works...

There's more...

See also

Removing all log messages with ProGuard

Getting ready

How to do it...

How it works...

There's more...

ProGuard output

Limitations

See also

Advanced code obfuscation with DexGuard

Getting ready

Installing the DexGuard Eclipse plugin

Enabling DexGuard for the Ant build system

Enabling DexGuard for the Gradle build system

How to do it...

There's more...

See also

6. Reverse Engineering Applications

Introduction

Compiling from Java to DEX

Getting ready

How to do it...

How it works...

Decompiling DEX files

Understanding the DEX file format

The DEX file header

The StringIds section

The TypeIds section

The ProtoIds section

The FieldIds section

The MethodIds section

The ClassDefs section

Getting ready

How to do it…

There's more...

See also

Interpreting the Dalvik bytecode

Understanding the Dalvik bytecode

Getting ready

How to do it...

See also

Decompiling DEX to Java

Getting ready

How to do it...

Decompiling the application's native libraries

Getting ready

How to do it...

See also

Debugging the Android processes using the GDB server

Getting ready

How to do it...

7. Secure Networking

Introduction

Validating self-signed SSL certificates

Getting ready

How to do it...

There's more...

Using self-signed SSL certificates in a live environment

HttpsUrlConnection

Antipattern – what not to do!

See also

Using StrongTrustManager from the OnionKit library

Getting ready

How to do it...

There's more...

The Orbot and Tor networks

Pinning and CACert

See also

SSL pinning

How to do it...

There's more...

Enhancements

Limitations

See also

8. Native Exploitation and Analysis

Introduction

Inspecting file permissions

Getting ready

How to do it...

There's more...

See also

Cross-compiling native executables

How to do it...

There's more...

See also

Exploitation of race condition vulnerabilities

Getting ready

How to do it...

See also

Stack memory corruption exploitation

Getting ready

How to do it...

See also

Automated native Android fuzzing

Getting ready

How to do it...

Setting up Busybox

Fuzzing dexdump

How it works...

See also

9. Encryption and Developing Device Administration Policies

Introduction

Using cryptography libraries

How to do it...

How it works...

There's more...

See also

Generating a symmetric encryption key

How to do it...

How it works…

There's more...

Using AES-GCM for strong symmetric encryption

Antipattern – setting the seed

Android's PRNG bug

See also

Securing SharedPreferences data

Getting ready

How to do it...

How it works...

See also

Password-based encryption

Getting ready

How to do it...

How it works...

There's more…

See also

Encrypting a database with SQLCipher

Getting ready

How to do it...

How it works…

There's more...

IOCipher

See also

Android KeyStore provider

Getting ready

How to do it...

How it works...

There's more...

See also

Setting up device administration policies

Getting ready

How to do it...

How it works...

There's more...

Disabling device camera

See also

Index
