| 
` [Resource sharing] Android security cookbook

1. Take a look at the imposing cover

Authors: Keith Makan, Scott Alexander-Bown

2. Read the synopsis and see whether it suits you

"Android Security Cookbook" breaks down and enumerates the processes used to exploit and remediate Android app security vulnerabilities in the form of detailed recipes and walkthroughs. "Android Security Cookbook" is aimed at anyone who is curious about Android app security and wants to be able to take the necessary practical measures to protect themselves; this means that Android application developers, security researchers and analysts, penetration testers, and generally any CIO, CTO, or IT managers facing the impeding onslaught of mobile devices in the business environment will benefit from reading this book.

3. Browse the table of contents to see what it covers

Preface

Chapter 1: Android Development Tools
Introduction
Installing the Android Development Tools (ADT)
Installing the Java Development Kit (JDK)
Updating the API sources
Alternative installation of the ADT
Installing the Native Development Kit (NDK)
Emulating Android
Creating Android Virtual Devices (AVDs)
Using the Android Debug Bridge (ADB) to interact with the AVDs
Copying files off/onto an AVD
Installing applications onto the AVDs via ADB

Chapter 2: Engaging with Application Security
Introduction
Inspecting application certificates and signatures
Signing Android applications
Verifying application signatures
Inspecting the AndroidManifest.xml file
Interacting with the activity manager via ADB
Extracting application resources via ADB

Chapter 3: Android Security Assessment Tools
Introduction
Installing and setting up Santoku
Setting up drozer
Running a drozer session
Enumerating installed packages
Enumerating activities
Enumerating content providers
Enumerating services
Enumerating broadcast receivers
Determining application attack surfaces
Launching activities
Writing a drozer module – a device enumeration module
Writing an application certificate enumerator

Chapter 4: Exploiting Applications
Introduction
Information disclosure via logcat
Inspecting network traffic
Passive intent sniffing via the activity manager
Attacking services
Attacking broadcast receivers
Enumerating vulnerable content providers
Extracting data from vulnerable content providers
Inserting data into content providers
Enumerating SQL-injection vulnerable content providers
Exploiting debuggable applications
Man-in-the-middle attacks on applications

Chapter 5: Protecting Applications
Introduction
Securing application components
Protecting components with custom permissions
Protecting content provider paths
Defending against the SQL-injection attack
Application signature verification (anti-tamper)
Tamper protection by detecting the installer, emulator, and debug flag
Removing all log messages with ProGuard
Advanced code obfuscation with DexGuard

Chapter 6: Reverse Engineering Applications
Introduction
Compiling from Java to DEX
Decompiling DEX files
Interpreting the Dalvik bytecode
Decompiling DEX to Java
Decompiling the application's native libraries
Debugging the Android processes using the GDB server

Chapter 7: Secure Networking
Introduction
Validating self-signed SSL certificates
Using StrongTrustManager from the OnionKit library
SSL pinning

Chapter 8: Native Exploitation and Analysis
Introduction
Inspecting file permissions
Cross-compiling native executables
Exploitation of race condition vulnerabilities
Stack memory corruption exploitation
Automated native Android fuzzing

Chapter 9: Encryption and Developing Device Administration Policies
Introduction
Using cryptography libraries
Generating a symmetric encryption key
Securing SharedPreferences data
Password-based encryption
Encrypting a database with SQLCipher
Android KeyStore provider
Setting up device administration policies

Index

5. Like it? What are you waiting for? Download it now!

360 cloud drive: http://yunpan.cn/cHxIrShrnB6QI  Access password: d9ac
`
 
 |