Book description
Secure today's mobile devices and applications
Implement a systematic approach to security in your mobile application development with help from this practical guide. Featuring case studies, code examples, and best practices, Mobile Application Security details how to protect against vulnerabilities in the latest smartphone and PDA platforms. Maximize isolation, lock down internal and removable storage, work with sandboxing and signing, and encrypt sensitive user information. Safeguards against viruses, worms, malware, and buffer overflow exploits are also covered in this comprehensive resource.
- Design highly isolated, secure, and authenticated mobile applications
- Use the Google Android emulator, debugger, and third-party security tools
- Configure Apple iPhone APIs to prevent overflow and SQL injection attacks
- Employ private and public key cryptography on Windows Mobile devices
- Enforce fine-grained security policies using the BlackBerry Enterprise Server
- Plug holes in Java Mobile Edition, SymbianOS, and WebOS applications
- Test for XSS, CSRF, HTTP redirects, and phishing attacks on WAP/Mobile HTML applications
- Identify and eliminate threats from Bluetooth, SMS, and GPS services
Himanshu Dwivedi is a co-founder of iSEC Partners (www.isecpartners.com), an information security firm specializing in application security. Chris Clark is a principal security consultant with iSEC Partners. David Thiel is a principal security consultant with iSEC Partners.
Table of contents
- Cover Page
- Mobile Application Security
- Copyright Page
- About the Authors
- Dedication
- Contents
- Acknowledgments
- Introduction
- Part I Mobile Platforms
  - Chapter 1 Top Mobile Issues and Development Strategies
    - Top Issues Facing Mobile Devices
      - Physical Security
      - Secure Data Storage (on Disk)
      - Strong Authentication with Poor Keyboards
      - Multiple-User Support with Security
      - Safe Browsing Environment
      - Secure Operating Systems
      - Application Isolation
      - Information Disclosure
      - Virus, Worms, Trojans, Spyware, and Malware
      - Difficult Patching/Update Process
      - Strict Use and Enforcement of SSL
      - Phishing
      - Cross-Site Request Forgery (CSRF)
      - Location Privacy/Security
      - Insecure Device Drivers
      - Multifactor Authentication
    - Tips for Secure Mobile Application Development
      - Leverage TLS/SSL
      - Follow Secure Programming Practices
      - Validate Input
      - Leverage the Permissions Model Used by the OS
      - Use the Least Privilege Model for System Access
      - Store Sensitive Information Properly
      - Sign the Application’s Code
      - Figure Out a Secure and Strong Update Process
      - Understand the Mobile Browser’s Security Strengths and Limitations
      - Zero Out the Nonthreats
      - Use Secure/Intuitive Mobile URLs
    - Conclusion
  - Chapter 2 Android Security
    - Development and Debugging on Android
    - Android’s Securable IPC Mechanisms
    - Android’s Security Model
    - Android Permissions Review
    - Creating New Manifest Permissions
    - Intents
    - Activities
    - Broadcasts
    - Services
    - ContentProviders
    - Avoiding SQL Injection
    - Intent Reflection
    - Files and Preferences
    - Mass Storage
    - Binder Interfaces
    - Android Security Tools
    - Conclusion
  - Chapter 3 The Apple iPhone
  - Chapter 4 Windows Mobile Security
  - Chapter 5 BlackBerry Security
  - Chapter 6 Java Mobile Edition Security
  - Chapter 7 SymbianOS Security
  - Chapter 8 WebOS Security
- Part II Mobile Services
  - Chapter 9 WAP and Mobile HTML Security
  - Chapter 10 Bluetooth Security
  - Chapter 11 SMS Security
  - Chapter 12 Mobile Geolocation
  - Chapter 13 Enterprise Security on the Mobile OS
- Part III Appendixes
- Index
Product information
- Title: Mobile Application Security
- Author(s):
- Release date: February 2010
- Publisher(s): McGraw-Hill
- ISBN: 9780071633574