Wiley India Pvt Ltd
The book contains a number of sections addressing mobile application security issues on the Apple iOS, Google Android, Blackberry 10 and Windows Mobile platforms. In addition to this we propose to include sections on cross-platform Mobile Enterprise Application Platform Apps and a generic mobile application testing methodology.
Insecure data storage - understanding the different types of client-side storage for each platform and how these can be identified. This includes source code demonstrating insecure implementations and case studies of real world Apps.
Broken cryptography - understanding how poorly implemented cryptography can be defeated. This includes source code examples of insecure implementations.
Insufficient transport layer protection - detailing how to identify insecure transport security and perform practical attacks against it. This includes practical examples on how to set up an environment for identifying such insecurities, insecure code examples and advice on implementing protection mechanisms.
Data leakage - understanding the different types of unintentional data leakage that can arise on each of the different platforms, including caches, keystrokes, logging, images and browser data stores.
Injection attacks - detailing the various injection attacks that can occur in mobile Apps, including but not limited to SQL injection, Cross-Site Scripting, XML injection and file inclusion vulnerabilities. This includes practical examples of how to perform these attacks, case studies of real world Apps and advice on remedial action.
Bypassing security controls - detailing how to bypass various security controls such as but not limited to jailbreak / root detection, tamper detection, runtime protection and anti-debugging. This includes practical examples of how to develop extensions to perform these attacks, including detailed instructions on how to use existing tools.
Cross-Platform Apps - providing detailed information on how cross-platform Apps work, the different attack categories that apply to these Apps and detailing practical steps to evaluate and exploit these vulnerabilities. This includes case studies from various MEAP applications and source code examples for various exploit payloads.
Mobile App Testing Methodology - describing a detailed and proven methodology that introduces a thorough and comprehensive guide to assessing the security of mobile applications.
About the Author
Dominic Chell is a director of MDSec and a recognized expert in mobile security, delivering training on mobile to leading global organizations in the financial, government and retail sectors. Additionally, Dominic aided in the development of a secure iOS development examination, for which he is also listed as a subject matter expert. Dominic has presented at BlackHat, Hack in the Box and OWASP.
Tyrone Erasmus is Head of Mobile Practice at MWR InfoSecurity SA and is best known for his work on Android security. He is an international conference speaker, hacking tool author, Mobile Pwn2Own winner and author of the drozer framework for detecting Android vulnerabilities.
Jonathan Lindsay is a security consultant. Originally a malware reverse engineer, he switched to breaking software for a variety of companies as a consultant and then moved on to work within the internal security team for Research in Motion (RIM). Jon has presented at BlackHat USA, where he showed how to attack the Windows kernel.
Shaun Colley is a security consultant and researcher at MDSec specializing in mobile security and reverse engineering. Shaun played an integral part in the Windows 8 security review, during which he carried out several months of code review and fuzzing before the operating system's official release. Shaun has presented at Hack in the Box and several industry events.
Ollie Whitehouse serves as Security Architect at Symantec Research Labs specializing in wireless security and serves as Manager of Security Research and Assessment, EMEA, Research in Motion (SOURCE Barcelona). Before joining RIM, Ollie was a member of Symantec Security Response's Advanced Threat Research team, specializing in mobile and wireless.