Mobile Application Security and Penetration Testing Syllabus

Academic year: 2021

Day-1

Mobile Devices Overview

1.1. Mobile Platforms
1.1.1. Android
1.1.2. iOS
1.2. Why Mobile Security
1.3. Taxonomy of Security Threats
1.3.1. OWASP Top 10 Mobile Risks
1.3.2. Physical Security
1.3.3. Poor Keyboards
1.3.4. User Profiles
1.3.5. Web Browsing
1.3.6. Malware
1.3.6.1. Malware History
1.3.6.2. Malware Spreading
1.3.7. Patching and Updating

Mobile OS Architectures and Security Model

2.1. Android
2.1.1. Android Architecture
2.1.2. Android Security Models
2.1.2.1. Privilege Separation and Sandboxing
2.1.2.2. File System Isolation
2.1.2.3. Storage and Database Isolation
2.1.2.4. Application Signing
2.1.2.5. Permission Model
2.1.2.6. Memory Management Security Enhancement
2.1.2.7. Components
2.1.2.8. Google Bouncer
2.1.3. Rooting Devices
2.2. iOS
2.2.1. iOS Architecture
2.2.2. iOS Security Models
2.2.2.1. Privilege Separation
2.2.2.2. Sandbox

2.2.2.3. Code Signing
2.2.2.4. Keychain and Encryption
2.2.2.5. DEP/ASLR
2.2.2.6. Reduced OS
2.2.2.7. Security iOS Overview
2.2.3. Jailbreaking Devices

Day-2

Android- Setting up a Test Environment

3.1. Android SDK
3.1.1. Windows OS
3.1.2. Linux OS
3.2. Eclipse IDE
3.3. AVD and Actual Devices
3.3.1. Start AVD
3.3.2. Edit Virtual Devices Definitions
3.3.3. Create New Virtual Device
3.3.4. Run and Interact with Virtual Devices
3.3.5. Improve Virtual Devices Performance
3.3.6. Connect Actual Devices via USB
3.4. Interact with the Devices
3.4.1. Android Debug Bridge
3.4.1.1. List Devices
3.4.1.2. Gather Device Information
3.4.1.3. ADB Shell
3.4.1.4. Browse the Device
3.4.1.5. Read Databases
3.4.1.6. Move Files from/to the Device
3.4.1.7. Sqlite3
3.4.1.8. DDMS File Explorer
3.4.1.9. Mount Device Disk
3.4.1.10. Install / Uninstall Application with gdb
3.4.2. Install and Run Custom Application
3.4.3. BusyBox
3.4.4. SSH
3.4.5. VNC

iOS- Setting up a Test Environment

4.1. iOS SDK
4.1.1. Xcode IDE
4.1.2. iOS Simulator
4.1.3. Writing an iOS App
4.2. iOS Simulator and Xcode Limitations
4.3. File System and Device Interaction
4.3.1. Directory Structure
4.3.2. Plist Files
4.3.3. Databases
4.3.4. Logs and Cache Files
4.3.5. Browse Application Files and Folders
4.3.5.1. Plist
4.3.5.2. Databases
4.3.5.3. Library and Caches
4.3.5.4. Cookies.binarycookies
4.3.6. Extract Files from Devices
4.3.7. Snapshots
4.3.8. Export Installed Apps
4.3.9. Install Applications
4.3.10. SSH Access
4.3.11. Xcode Organizer
4.4. Backups
4.5. Interact with Jailbroken Devices
4.5.1. SSH Access
4.5.1.1. Windows OS
4.5.1.2. Mac/Linux OS
4.5.1.3. SSH via cable (USB)
4.5.1.4. BigBoss Recommended Tools
4.5.2. SFTP (FTP via SSH)
4.5.3. Explorer Software
4.5.4. VNC

4.5.5.1. Don’t code sign
4.5.5.2. Self-Signed Certificate
4.5.5.3. Create and Run Custom Apps
4.5.5.4. From .app to .ipa
4.5.6. Edit Existing Application Files
4.5.7. Keychain Dumper

Day-3

Android-Reverse Engineering and Static Analysis

5.1. Decompiling and Disassembling .apk files
5.2. Smali
5.3. Decompile .apk to .jar files
5.4. From .jar to Source Code
5.5. Decompiling/Disassembling Overview
5.6. Labs
5.6.1. Locating Secrets
5.6.2. Bypassing Security Controls
5.7. Patching Binaries

iOS-Reverse Engineering and Static Analysis

6.1. .ipa and .App files
6.2. Plist
6.3. Decompiling iOS Apps: Otools
6.4. Decompiling iOS Apps: class-dump
6.5. Decompiling iOS Apps: IDA
6.6. LAB
6.6.1. Locating Information

Day-4

Android-Dynamic/Runtime Analysis

7.1. Debugging
7.2. LogCat
7.3. DDMS
7.4. Memory Analysis
7.4.1. DDMS
7.4.2. HPROF
7.4.3. Strings
7.4.4. Inspect HPROF Dump
7.4.5. MAT
7.5. IPC Mechanisms and App Components
7.5.1. Intents
7.5.2. Android Tools
7.5.2.1. Monkey
7.5.2.2. Activity Manager
7.5.2.3. LAB: Bypass Security Checks
7.5.3. Content Providers
7.5.3.1. Example #1
7.5.3.2. Example #2
7.5.3.3. Example #3
7.5.3.4. Query a Content Provider
7.5.3.5. Find the Correct URI
7.5.3.5.1. LAB: Content Providers Leakage
7.5.3.6. SQL Injection
7.5.3.6.1. LAB: SQL injection
7.5.3.7. Directory Traversal
7.5.4. SharedUID

8.1. Manually Decrypt Applications Binaries
8.1.1. GDB
8.1.2. Ldid
8.1.3. Identify ASLR/PIE
8.1.4. Calculating Area to Dump
8.1.5. Attach GDB and Dump the Area
8.1.6. Merge the Dump
8.1.7. Edit cryptid values
8.1.7.1. MachOView
8.1.8. Debug/Run the App
8.2. Decrypt Applications Binaries: Clutch
8.3. Runtime Manipulation
8.3.1. Cycript
8.3.1.1. Install Cycript
8.3.1.2. Attach Cycript to a Process
8.3.1.3. Interact with Cycript
8.3.1.4. Pop up an Alert at runtime
8.3.1.5. Bypass the Lock Screen
8.3.1.6. Attack Custom Apps: LogMeIn
8.3.1.7. Attack Custom Apps: LogMeIn2
8.4. GDB
8.4.1. Objc_msgSend
8.4.2. ARMv6 Processor Registers
8.4.3. Runtime Analysis with GDB
8.4.4. Attack Applications with GDB

Day-5

Android Network Analysis

9.1. Traffic Sniffing
9.2. Proxying Emulators and Actual Devices
9.3. Intercept Application and SSL Traffic
9.3.1. Intercept with Rooted Device and ProxyDroid
9.4. Traffic Manipulation

iOS Network Analysis

10.1. Traffic Sniffing
10.2. Proxying Simulators and Actual Devices
10.3. Proxying and Intercepting SSL Traffic: Charles
10.4. Proxying and Intercepting SSL Traffic: Burp
10.5. SSL Traffic on Actual Devices
10.5.1. Charles
10.5.2. Burp
