The Mobile Application Hacker's Handbook

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Book description

See your app through a hacker's eyes to find the real sources of vulnerability

The Mobile Application Hacker's Handbook is a comprehensive guide to securing all mobile applications by approaching the issue from a hacker's point of view. Heavily practical, this book provides expert guidance toward discovering and exploiting flaws in mobile applications on the iOS, Android, Blackberry, and Windows Phone platforms. You will learn a proven methodology for approaching mobile application assessments, and the techniques used to prevent, disrupt, and remediate the various types of attacks. Coverage includes data storage, cryptography, transport layers, data leakage, injection attacks, runtime manipulation, security controls, and cross-platform apps, with vulnerabilities highlighted and detailed information on the methods hackers use to get around standard security.

Mobile applications are widely used in the consumer and enterprise markets to process and/or store sensitive data. There is currently little published on the topic of mobile security, but with over a million apps in the Apple App Store alone, the attack surface is significant. This book helps you secure mobile apps by demonstrating the ways in which hackers exploit weak points and flaws to gain access to data.

IT security breaches have made big headlines, with millions of consumers vulnerable as major corporations come under attack. Learning the tricks of the hacker's trade allows security professionals to lock the app up tight. For better mobile security and less vulnerable data, The Mobile Application Hacker's Handbook is a practical, comprehensive guide.

Table of contents

1. Introduction
   1. Overview of This Book
   2. How This Book Is Organized
   3. Who Should Read This Book
   4. Tools You Will Need
   5. What's on the Website
   1. The Evolution of Mobile Applications
   2. Mobile Application Security
   3. Summary
   1. Understanding the Security Model
   2. Understanding iOS Applications
   3. Jailbreaking Explained
   4. Understanding the Data Protection API
   5. Understanding the iOS Keychain
   6. Understanding Touch ID
   7. Reverse Engineering iOS Binaries
   8. Summary
   1. Introduction to Transport Security
   2. Identifying Insecure Storage
   3. Patching iOS Applications with Hopper
   4. Attacking the iOS Runtime
   5. Understanding Interprocess Communication
   6. Attacking Using Injection
   7. Summary
   1. Disclosing Personally Identifiable Information
   2. Identifying Data Leaks
   3. Memory Corruption in iOS Applications
   4. Summary
   1. Protecting Data in Your Application
   2. Avoiding Injection Vulnerabilities
   3. Securing Your Application with Binary Protections
   4. Summary
   1. Creating Your First Android Environment
   2. Understanding Android Applications
   3. Understanding the Security Model
   4. Reverse-Engineering Applications
   5. Summary
   1. Exposing Security Model Quirks
   2. Attacking Application Components
   3. Accessing Storage and Logging
   4. Misusing Insecure Communications
   5. Exploiting Other Vectors
   6. Additional Testing Techniques
   7. Summary
   1. Reviewing Pre-Installed Applications
   2. Exploiting Devices
   3. Infiltrating User Data
   4. Summary
   1. Principle of Least Exposure
   2. Essential Security Mechanisms
   3. Advanced Security Mechanisms
   4. Slowing Down a Reverse Engineer
   5. Summary
   1. Understanding the Security Model
   2. Understanding Windows Phone 8.x Applications
   3. Building a Test Environment
   4. Analyzing Application Binaries
   5. Summary
   1. Analyzing for Data Entry Points
   2. Attacking Transport Security
   3. Attacking WebBrowser and WebView Controls
   4. Identifying Interprocess Communication Vulnerabilities
   5. Attacking XML Parsing
   6. Attacking Databases
   7. Attacking File Handling
   8. Patching .NET Assemblies
   9. Summary
   1. Identifying Insecure Application Settings Storage
   2. Identifying Data Leaks
   3. Identifying Insecure Data Storage
   4. Insecure Random Number Generation
   5. Insecure Cryptography and Password Use
   6. Identifying Native Code Vulnerabilities
   7. Summary
   1. General Security Design Considerations
   2. Storing and Encrypting Data Securely
   3. Secure Random Number Generation
   4. Securing Data in Memory and Wiping Memory
   5. Avoiding SQLite Injection
   6. Implementing Secure Communications
   7. Avoiding Cross-Site Scripting in WebViews and WebBrowser Components
   8. Secure XML Parsing
   9. Clearing Web Cache and Web Cookies
   10. Avoiding Native Code Bugs
   11. Using Exploit Mitigation Features
   12. Summary
   1. Understanding BlackBerry Legacy
   2. Understanding BlackBerry 10
   3. Understanding the BlackBerry 10 Security Model
   4. BlackBerry 10 Jailbreaking
   5. Using Developer Mode
   6. The BlackBerry 10 Device Simulator
   7. Accessing App Data from a Device
   8. Accessing BAR Files
   9. Looking at Applications
   10. Summary
   1. Traversing Trust Boundaries
   2. Summary
   1. Limiting Excessive Permissions
   2. Resolving Data Storage Issues
   3. Checking Data Transmission
   4. Handling Personally Identifiable Information and Privacy
   5. Ensuring Secure Development
   6. Summary
   1. Securing BlackBerry OS 7.x and Earlier Legacy Java Applications
   2. Securing BlackBerry 10 Native Applications
   3. Securing BlackBerry 10 Cascades Applications
   4. Securing BlackBerry 10 HTML5 and JavaScript (WebWorks) Applications
   5. Securing Android Applications on BlackBerry 10
   6. Summary
   1. Introduction to Cross-Platform Mobile Applications
   2. Bridging Native Functionality
   3. Exploring PhoneGap and Apache Cordova
   4. Summary
   Show and hide more

   Product information

   • Title: The Mobile Application Hacker's Handbook
   • Author(s): Ollie Whitehouse, Shaun Colley, Tyrone Erasmus, Dominic Chell
   • Release date: February 2015
   • Publisher(s): Wiley
   • ISBN: 9781118958506

   You might also like

   Check it out now on O’Reilly

   Dive in for free with a 10-day trial of the O’Reilly learning platform—then explore all the other resources our members count on to build skills and solve problems every day.