book

The Mobile Application Hacker's Handbook

by Ollie Whitehouse, Shaun Colley, Tyrone Erasmus, Dominic Chell

February 2015

Intermediate to advanced

816 pages

21h 17m

English

Wiley

Read now

Unlock full access

Introduction
Overview of This BookHow This Book Is OrganizedWho Should Read This BookTools You Will NeedWhat's on the Website
Chapter 1 Mobile Application (In)security
The Evolution of Mobile ApplicationsMobile Application SecuritySummary
Chapter 2 Analyzing iOS Applications
Understanding the Security ModelUnderstanding iOS ApplicationsJailbreaking ExplainedUnderstanding the Data Protection APIUnderstanding the iOS KeychainUnderstanding Touch IDReverse Engineering iOS BinariesSummary
Chapter 3 Attacking iOS Applications
Introduction to Transport SecurityIdentifying Insecure StoragePatching iOS Applications with HopperAttacking the iOS RuntimeUnderstanding Interprocess CommunicationAttacking Using InjectionSummary
Chapter 4 Identifying iOS Implementation Insecurities
Disclosing Personally Identifiable InformationIdentifying Data LeaksMemory Corruption in iOS ApplicationsSummary
Chapter 5 Writing Secure iOS Applications
Protecting Data in Your ApplicationAvoiding Injection VulnerabilitiesSecuring Your Application with Binary ProtectionsSummary
Chapter 6 Analyzing Android Applications
Creating Your First Android EnvironmentUnderstanding Android ApplicationsUnderstanding the Security ModelReverse-Engineering ApplicationsSummary
Chapter 7 Attacking Android Applications
Exposing Security Model QuirksAttacking Application ComponentsAccessing Storage and LoggingMisusing Insecure CommunicationsExploiting Other VectorsAdditional Testing TechniquesSummary
Chapter 8 Identifying and Exploiting Android Implementation Issues
Reviewing Pre-Installed ApplicationsExploiting DevicesInfiltrating User DataSummary
Chapter 9 Writing Secure Android Applications
Principle of Least ExposureEssential Security MechanismsAdvanced Security MechanismsSlowing Down a Reverse EngineerSummary

Chapter 10 Analyzing Windows Phone Applications
Understanding the Security ModelUnderstanding Windows Phone 8.x ApplicationsBuilding a Test EnvironmentAnalyzing Application BinariesSummary
Chapter 11 Attacking Windows Phone Applications
Analyzing for Data Entry PointsAttacking Transport SecurityAttacking WebBrowser and WebView ControlsIdentifying Interprocess Communication VulnerabilitiesAttacking XML ParsingAttacking DatabasesAttacking File HandlingPatching .NET AssembliesSummary
Chapter 12 Identifying Windows Phone Implementation Issues
Identifying Insecure Application Settings StorageIdentifying Data LeaksIdentifying Insecure Data StorageInsecure Random Number GenerationInsecure Cryptography and Password UseIdentifying Native Code VulnerabilitiesSummary
Chapter 13 Writing Secure Windows Phone Applications
General Security Design ConsiderationsStoring and Encrypting Data SecurelySecure Random Number GenerationSecuring Data in Memory and Wiping MemoryAvoiding SQLite InjectionImplementing Secure CommunicationsAvoiding Cross-Site Scripting in WebViews and WebBrowser ComponentsSecure XML ParsingClearing Web Cache and Web CookiesAvoiding Native Code BugsUsing Exploit Mitigation FeaturesSummary
Chapter 14 Analyzing BlackBerry Applications
Understanding BlackBerry LegacyUnderstanding BlackBerry 10Understanding the BlackBerry 10 Security ModelBlackBerry 10 JailbreakingUsing Developer ModeThe BlackBerry 10 Device SimulatorAccessing App Data from a DeviceAccessing BAR FilesLooking at ApplicationsSummary
Chapter 15 Attacking BlackBerry Applications
Traversing Trust BoundariesSummary
Chapter 16 Identifying BlackBerry Application Issues
Limiting Excessive PermissionsResolving Data Storage IssuesChecking Data TransmissionHandling Personally Identifiable Information and PrivacyEnsuring Secure DevelopmentSummary
Chapter 17 Writing Secure BlackBerry Applications
Securing BlackBerry OS 7.x and Earlier Legacy Java ApplicationsSecuring BlackBerry 10 Native ApplicationsSecuring BlackBerry 10 Cascades ApplicationsSecuring BlackBerry 10 HTML5 and JavaScript (WebWorks) ApplicationsSecuring Android Applications on BlackBerry 10Summary
Chapter 18 Cross-Platform Mobile Applications
Introduction to Cross-Platform Mobile ApplicationsBridging Native FunctionalityExploring PhoneGap and Apache CordovaSummary
Title page
Copyright
Dedication
About the Authors
About the Technical Editor
Credits
Acknowledgments
EULA

Content preview from The Mobile Application Hacker's Handbook

About the Authors

Dominic Chell is a cofounder of MDSec, where in addition to leading the mobile practice, he is responsible for delivering consultancy and training engagements for a variety of clients. Dominic’s career has spanned over a decade and has been almost entirely focused on the technical aspects of application security. He has spoken at numerous conferences as well as releasing several publications on mobile security. Dominic is also listed as a subject matter expert for a secure iOS development exam.

Tyrone Erasmus has a degree in computer engineering and is currently the head of mobile security at MWR InfoSecurity South Africa. He enjoys delving into many different areas of penetration testing and security research, with a large portion of his research efforts in the past spent on Android. His interests lie predominantly in offensive security and the advancement of tools and new techniques in this sphere. He has spoken at various security conferences, and was part of the team that won the Android category at Mobile Pwn2Own in 2012. His work is acknowledged internationally in the Android hacking space, and he is known among peers as a well-rounded security professional.

Shaun Colley is a principal security consultant for IOActive where he focuses on mobile device security, native code review, and reverse engineering. During his career, he has been primarily focused on mobile security and reverse engineering. Shaun has also spoken several times at industry meets and ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781118958513Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

The Mobile Application Hacker's Handbook

by Ollie Whitehouse, Shaun Colley, Tyrone Erasmus, Dominic Chell

About the Authors

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.