Mobile Application Security and Penetration Testing Syllabus

Size: px
Start display at page:

Download "Mobile Application Security and Penetration Testing Syllabus"

Transcription

1 Mobile Application Security and Penetration Testing Syllabus Mobile Devices Overview 1.1. Mobile Platforms Android iOS 1.2. Why Mobile Security 1.3. Taxonomy of Security Threats OWASP Top 10 Mobile Risks Physical Security Poor Keyboards User Profiles Web Browsing Malwares Malware History Malware Spreading Patching and Updating Day-1 Mobile OS Architectures and Security Model 2.1. Android Android Architecture Android Security Models Privilege Separation and Sandboxing File System Isolation Storage and Database Isolation Application Signing Permission Model Memory Management Security Enhancement Components Google Bouncer Rooting Devices 2.2. ios iOS Architecture iOS Security Models Privilege Separation Sandbox

2 Code Signing Keychain and Encryption DEP/ASLR Reduced OS Security ios Overview Jailbreaking Devices Day-2 Android- Setting up a Test Environment 3.1. Android SDK Windows OS Linux OS 3.2. Eclipse IDE 3.3. AVD and Actual Devices Start AVD Edit Virtual Devices Definitions Create New Virtual Device Run and Interact with Virtual Devices Improve Virtual Devices Performance Connect Actual Devices via USB 3.4. Interact with the Devices Android Debug Bridge List Devices Gather Device Information ADB Shell Browse the Device Read Databases Move Files from/to the Device Sqlite DDMS File Explorer Mount Device Disk Install / Uninstall Application with gdb Install and Run Custom Application BusyBox SSH VNC

3 ios- Setting up a Test Environment 4.1. ios SDK Xcode IDE iOS Simulator Writing an ios App 4.2. ios Simulator and Xcode Limitations 4.3. File System and Device Interaction Directory Structure Plist Files Databases Logs and Cache Files Browse Application Files and Folders Plist Databases Library and Caches Cookies.bynaricookies Extract Files from Devices Snapshots Export Installed Apps Install Applications SSH Access Xcode Organizer 4.4. Backups 4.5. Interact with Jailbroken Devices SSH Access Windows OS Mac/Linux OS SSH via cable (USB) BigBoss Recommended Tools SFTP (FTP via SSH) Explorer Software VNC Run Apps without Developer Account

4 Don t code sign Self-Signed Certificate Create and Run Custom Apps From.app to.ipa Edit Existing Application Files Keychain Dumper Day-3 Android-Reverse Engineering and Static Analysis 5.1. Decompiling and Disassembling.apk files 5.2. Smali 5.3. Decompile.apk to.jar files 5.4. From.jar to Source Code 5.5. Decompiling/Disassembling Overview 5.6. Labs Locating Secrets Bypassing Security Controls 5.7. Patching Binaries ios-reverse Engineering and Static Analysis 6.1..ipa and.app files 6.2. Plist 6.3. Decompiling ios Apps: Otools 6.4. Decompiling ios Apps: class-dump 6.5. Decompiling ios Apps: IDA 6.6. LAB Locating Information 6.7. Patching ios Apps Simulator

5 Day-4 Android-Dynamic/Runtime Analysis 7.1. Debugging 7.2. LogCat 7.3. DDMS 7.4. Memory Analysis DDMS HPROF Strings Inspect HPROF Dump MAT 7.5. IPC Mechanisms and App Components Intents Android Tools Monkey Activity Manager LAB: Bypass Security Checks Content Providers Example # Example # Example # Query a Content Provider Find the Correct URI LAB: Content Providers Leakage SQL Injection LAB: SQL injection Directory Traversal SharedUID ios-dynamic/runtime Analysis

6 8.1. Manually Decrypt Applications Binaries GDB Ldid Identify ASLR/PIE Calculating Area to Dump Attach GDB and Dump the Area Mere the Dump Edit cryptid values MachOView Debug/Run the App 8.2. Decrypt Applications Binaries: Clutch 8.3. Runtime Manipulation Cycript Install Cycript Attach Cycript to a Process Interact with Cycript Pop up an Alert at runtime Bypass the Lock Screen Attack Custom Apps: LogMeIn Attack Custom Apps: LogMeIn GDB Objc_msgSend ARMv6 Processor Registers Runtime Analysis with GDB Attack Applications with GDB Day-5 Android Network Analysis 9.1. Traffic Sniffing 9.2. Proxying Emulators and Actual Devices 9.3. Intercept Application and SSL Traffic Intercept with Rooted Device and ProxyDroid 9.4. Traffic Manipulation ios Network Analysis Traffic Sniffing Proxying Simulators and Actual Devices Proxying and Intercepting SSL Traffic: Charles Proxying and Intercepting SSL Traffic: Burp SSL Traffic on Actual Devices Charles Burp

SYLLABUS MOBILE APPLICATION SECURITY AND PENETRATION TESTING. MASPT at a glance: v1.0 (28/01/2014) 10 highly practical modules

SYLLABUS MOBILE APPLICATION SECURITY AND PENETRATION TESTING. MASPT at a glance: v1.0 (28/01/2014) 10 highly practical modules Must have skills in any penetration tester's arsenal. MASPT at a glance: 10 highly practical modules 4 hours of video material 1200+ interactive slides 20 Applications to practice with Leads to emapt certification

More information

Mobile Application Hacking for ios. 3-Day Hands-On Course. Syllabus

Mobile Application Hacking for ios. 3-Day Hands-On Course. Syllabus Mobile Application Hacking for ios 3-Day Hands-On Course Syllabus Course description ios Mobile Application Hacking 3-Day Hands-On Course This course will focus on the techniques and tools for testing

More information

Mobile Application Hacking for Android and iphone. 4-Day Hands-On Course. Syllabus

Mobile Application Hacking for Android and iphone. 4-Day Hands-On Course. Syllabus Mobile Application Hacking for Android and iphone 4-Day Hands-On Course Syllabus Android and iphone Mobile Application Hacking 4-Day Hands-On Course Course description This course will focus on the techniques

More information

Advanced ANDROID & ios Hands-on Exploitation

Advanced ANDROID & ios Hands-on Exploitation Advanced ANDROID & ios Hands-on Exploitation By Attify Trainers Aditya Gupta Prerequisite The participants are expected to have a basic knowledge of Mobile Operating Systems. Knowledge of programming languages

More information

ABSTRACT' INTRODUCTION' COMMON'SECURITY'MISTAKES'' Reverse Engineering ios Applications

ABSTRACT' INTRODUCTION' COMMON'SECURITY'MISTAKES'' Reverse Engineering ios Applications Reverse Engineering ios Applications Drew Branch, Independent Security Evaluators, Associate Security Analyst ABSTRACT' Mobile applications are a part of nearly everyone s life, and most use multiple mobile

More information

Android Mobile Application Hacking Penetration Testing. 3-Day Hands-On Course. Course Syllabus

Android Mobile Application Hacking Penetration Testing. 3-Day Hands-On Course. Course Syllabus Android Mobile Application Hacking Penetration Testing 3-Day Hands-On Course Course Syllabus Android mobile application hacking 3-day hands on course Course description This course will focus on the techniques

More information

Enterprise Application Security Workshop Series

Enterprise Application Security Workshop Series Enterprise Application Security Workshop Series Phone 877-697-2434 fax 877-697-2434 www.thesagegrp.com Defending JAVA Applications (3 Days) In The Sage Group s Defending JAVA Applications workshop, participants

More information

ios applications security testing cheat sheet Oana Cornea

ios applications security testing cheat sheet Oana Cornea ios applications security testing cheat sheet Oana Cornea About Me Oana Cornea Application Security Analyst at Electronic Arts, in Bucharest, Romania. Agenda Introduction ios security model ios application

More information

Security Testing Guidelines for mobile Apps

Security Testing Guidelines for mobile Apps The OWASP Foundation http://www.owasp.org Security Testing Guidelines for mobile Apps Florian Stahl Johannes Ströher AppSec Research EU 2013 Who we are Florian Stahl Johannes Ströher Lead Consultant for

More information

Android & ios Application Vulnerability Assessment & Penetration Testing Training. 2-Day hands on workshop on VAPT of Android & ios Applications

Android & ios Application Vulnerability Assessment & Penetration Testing Training. 2-Day hands on workshop on VAPT of Android & ios Applications Android & ios Application Vulnerability Assessment & Penetration Testing Training 2-Day hands on workshop on VAPT of Android & ios Applications Course Title Workshop on VAPT of Android & ios Applications

More information

Mobile Application Security Testing ASSESSMENT & CODE REVIEW

Mobile Application Security Testing ASSESSMENT & CODE REVIEW Mobile Application Security Testing ASSESSMENT & CODE REVIEW Sept. 31 st 2014 Presenters ITAC 2014 Bishop Fox Francis Brown Partner Joe DeMesy Security Associate 2 Introductions FRANCIS BROWN Hi, I m Fran

More information

Pentesting iphone Applications. Satishb3 http://www.securitylearn.net

Pentesting iphone Applications. Satishb3 http://www.securitylearn.net Pentesting iphone Applications Satishb3 http://www.securitylearn.net Agenda iphone App Basics App development App distribution Pentesting iphone Apps Methodology Areas of focus Major Mobile Threats Who

More information

Pentesting Mobile Applications

Pentesting Mobile Applications WEB 应 用 安 全 和 数 据 库 安 全 的 领 航 者! 安 恒 信 息 技 术 有 限 公 司 Pentesting Mobile Applications www.dbappsecurity.com.cn Who am I l Frank Fan: CTO of DBAPPSecurity Graduated from California State University as a Computer

More information

OWASP NZ Day 2011 Testing Mobile Applications

OWASP NZ Day 2011 Testing Mobile Applications OWASP NZ Day 2011 Testing Mobile Applications Presenter: Nick von Dadelszen Date: 7 th July 2011 Company: Lateral Security (IT) Services Limited Company overview Company Lateral Security (IT) Services

More information

CompTIA Mobile App Security+ Certification Exam (ios Edition) Live exam IOS-001 Beta Exam IO1-001

CompTIA Mobile App Security+ Certification Exam (ios Edition) Live exam IOS-001 Beta Exam IO1-001 CompTIA Mobile App Security+ Certification Exam (ios Edition) Live exam IOS-001 Beta Exam IO1-001 INTRODUCTION This exam will certify that the successful candidate has the knowledge and skills required

More information

Pentesting Android Mobile Application

Pentesting Android Mobile Application Pentesting Android Mobile Application Overview on Mobile applications Connect in Superior Way!! Mobile market is the worldwide rapidly developing segments since many customers are using mobile phones.

More information

Pentesting Android Apps. Sneha Rajguru (@Sneharajguru)

Pentesting Android Apps. Sneha Rajguru (@Sneharajguru) Pentesting Android Apps Sneha Rajguru (@Sneharajguru) About Me Penetration Tester Web, Mobile and Infrastructure applications, Secure coding ( part time do secure code analysis), CTF challenge writer (at

More information

Penetration Testing Android Applications

Penetration Testing Android Applications Author: Kunjan Shah Security Consultant Foundstone Professional Services Table of Contents Penetration Testing Android Applications... 1 Table of Contents... 2 Abstract... 3 Background... 4 Setting up

More information

Running a Program on an AVD

Running a Program on an AVD Running a Program on an AVD Now that you have a project that builds an application, and an AVD with a system image compatible with the application s build target and API level requirements, you can run

More information

Please Complete Speaker Feedback Surveys. SecurityTube.net

Please Complete Speaker Feedback Surveys. SecurityTube.net Please Complete Speaker Feedback Surveys Advanced ios Applica:on Pentes:ng Vivek Ramachandran Founder, SecurityTube.net vivek@securitytube.net Vivek Ramachandran B.Tech, ECE IIT Guwaha: Media Coverage

More information

AppUse - Android Pentest Platform Unified

AppUse - Android Pentest Platform Unified AppUse - Android Pentest Platform Unified Standalone Environment AppUse is designed to be a weaponized environment for Android application penetration testing. It is a unique, free, and rich platform aimed

More information

Penetration Testing for iphone Applications Part 1

Penetration Testing for iphone Applications Part 1 Penetration Testing for iphone Applications Part 1 This article focuses specifically on the techniques and tools that will help security professionals understand penetration testing methods for iphone

More information

Mobile Application Security: Who, How and Why

Mobile Application Security: Who, How and Why Mobile Application Security: Who, How and Why Presented by: Mike Park Managing Security Consultant Trustwave SpiderLabs Who Am I Mike Park Managing Consultant, Application Security Services, Trustwave

More information

ANDROID SECURITY ATTACKS AND DEFENSES ABHISHEK DUBEY I ANMOL MISRA. ( r öc) CRC Press VV J Taylor & Francis Group ^ "^ Boca Raton London New York

ANDROID SECURITY ATTACKS AND DEFENSES ABHISHEK DUBEY I ANMOL MISRA. ( r öc) CRC Press VV J Taylor & Francis Group ^ ^ Boca Raton London New York ANDROID SECURITY ATTACKS AND DEFENSES ABHISHEK DUBEY I ANMOL MISRA ( r öc) CRC Press VV J Taylor & Francis Group ^ "^ Boca Raton London New York CRC Press is an imprint of the Taylor & Francis Croup, an

More information

Android Programming and Security

Android Programming and Security Android Programming and Security Dependable and Secure Systems Andrea Saracino andrea.saracino@iet.unipi.it Outlook (1) The Android Open Source Project Philosophy Players Outlook (2) Part I: Android System

More information

Android Security Evaluation Framework

Android Security Evaluation Framework INTRODUCING... A S E F Android Security Evaluation Framework - Parth Patel $ whoami_ Agenda Manual Research Automation - A S E F Let s solve problems Conclusion Android OS Open Source Security Evaluation

More information

Mobile Applications: The True Potential Risks Where to look for information when performing a Pentest on a Mobile Application

Mobile Applications: The True Potential Risks Where to look for information when performing a Pentest on a Mobile Application Mobile Applications: The True Potential Risks Where to look for information when performing a Pentest on a Mobile Application Since the introduction of the iphone, Apple has sold more than 315 million

More information

Security Vulnerabilities in 3rd-Party ios Applications

Security Vulnerabilities in 3rd-Party ios Applications Security Vulnerabilities in 3rd-Party ios Applications Wentworth Institute of Technology Boston, MA Sonny Fazio Sonny Fazio - Wentworth Institute of Technology - Security Vulnerabilities in 3rd-party ios

More information

Lab 4 In class Hands-on Android Debugging Tutorial

Lab 4 In class Hands-on Android Debugging Tutorial Lab 4 In class Hands-on Android Debugging Tutorial Submit lab 4 as PDF with your feedback and list each major step in this tutorial with screen shots documenting your work, i.e., document each listed step.

More information

ios Testing Tools David Lindner Director of Mobile and IoT Security

ios Testing Tools David Lindner Director of Mobile and IoT Security ios Testing Tools David Lindner Director of Mobile and IoT Security Who is this guy? David Lindner @golfhackerdave david.lindner@nvisium.com 15+ years consulting experience I hack and golf, sometimes at

More information

Penetration Testing for iphone / ipad Applications

Penetration Testing for iphone / ipad Applications Penetration Testing for iphone / ipad Applications Author: Kunjan Shah Security Consultant Foundstone Professional Services Table of Contents Penetration Testing for iphone / ipad Applications... 1 Table

More information

Pentesting iphone & ipad Apps Hack In Paris 2011 June 17

Pentesting iphone & ipad Apps Hack In Paris 2011 June 17 Pentesting iphone & ipad Apps Hack In Paris 2011 June 17 Who are we? Flora Bottaccio Security Analyst at ADVTOOLS Sebastien Andrivet Director, co-founder of ADVTOOLS ADVTOOLS Swiss company founded in 2002

More information

The "Eclipse Classic" version is recommended. Otherwise, a Java or RCP version of Eclipse is recommended.

The Eclipse Classic version is recommended. Otherwise, a Java or RCP version of Eclipse is recommended. Installing the SDK This page describes how to install the Android SDK and set up your development environment for the first time. If you encounter any problems during installation, see the Troubleshooting

More information

Next Presentation Begins at 14:40. How To Hack An App

Next Presentation Begins at 14:40. How To Hack An App Next Presentation Begins at 14:40 How To Hack An App Winston Bond wbond@arxan.com How To Hack An App Winston Bond wbond@arxan.com How To Hack An App Winston Bond European Technical Manager Arxan Technologies

More information

Building a Mobile App Security Risk Management Program. Copyright 2012, Security Risk Advisors, Inc. All Rights Reserved

Building a Mobile App Security Risk Management Program. Copyright 2012, Security Risk Advisors, Inc. All Rights Reserved Building a Mobile App Security Risk Management Program Your Presenters Who Are We? Chris Salerno, Consultant, Security Risk Advisors Lead consultant for mobile, network, web application penetration testing

More information

Blackbox Android. Breaking Enterprise Class Applications and Secure Containers. Marc Blanchou Mathew Solnik 10/13/2011. https://www.isecpartners.

Blackbox Android. Breaking Enterprise Class Applications and Secure Containers. Marc Blanchou Mathew Solnik 10/13/2011. https://www.isecpartners. Blackbox Android Breaking Enterprise Class Applications and Secure Containers Marc Blanchou Mathew Solnik 10/13/2011 https://www.isecpartners.com Agenda Background Enterprise Class Applications Threats

More information

Getting Started with Android Development

Getting Started with Android Development Getting Started with Android Development By Steven Castellucci (v1.1, January 2015) You don't always need to be in the PRISM lab to work on your 4443 assignments. Working on your own computer is convenient

More information

Android (in)security. Having fun with Android. Sarantis Makoudis

Android (in)security. Having fun with Android. Sarantis Makoudis Android (in)security Having fun with Android Sarantis Makoudis About Me BSc in Digital Systems, University of Piraeus, 2010 MSc in Information Security, Royal Holloway, University of London,2012 Penetration

More information

Mercury User Guide v1.1

Mercury User Guide v1.1 Mercury User Guide v1.1 Tyrone Erasmus 2012-09-03 Index Index 1. Introduction... 3 2. Getting started... 4 2.1. Recommended requirements... 4 2.2. Download locations... 4 2.3. Setting it up... 4 2.3.1.

More information

Università Degli Studi di Parma. Distributed Systems Group. Android Development. Lecture 1 Android SDK & Development Environment. Marco Picone - 2012

Università Degli Studi di Parma. Distributed Systems Group. Android Development. Lecture 1 Android SDK & Development Environment. Marco Picone - 2012 Android Development Lecture 1 Android SDK & Development Environment Università Degli Studi di Parma Lecture Summary - 2 The Android Platform Android Environment Setup SDK Eclipse & ADT SDK Manager Android

More information

Securing ios Applications. Dr. Bruce Sams, OPTIMAbit GmbH

Securing ios Applications. Dr. Bruce Sams, OPTIMAbit GmbH Securing ios Applications Dr. Bruce Sams, OPTIMAbit GmbH About Me President of OPTIMAbit GmbH Responsible for > 200 Pentests per Year Ca 50 ios Pentests and code reviews in the last two years. Overview

More information

Introduction to Android. CSG250 Wireless Networks Fall, 2008

Introduction to Android. CSG250 Wireless Networks Fall, 2008 Introduction to Android CSG250 Wireless Networks Fall, 2008 Outline Overview of Android Programming basics Tools & Tricks An example Q&A Android Overview Advanced operating system Complete software stack

More information

HP AppPulse Active. Software Version: 2.2. Real Device Monitoring For AppPulse Active

HP AppPulse Active. Software Version: 2.2. Real Device Monitoring For AppPulse Active HP AppPulse Active Software Version: 2.2 For AppPulse Active Document Release Date: February 2015 Software Release Date: November 2014 Legal Notices Warranty The only warranties for HP products and services

More information

Attack and Penetration Testing 101

Attack and Penetration Testing 101 Attack and Penetration Testing 101 Presented by Paul Petefish PaulPetefish@Solutionary.com July 15, 2009 Copyright 2000-2009, Solutionary, Inc. All rights reserved. Version 2.2 Agenda Penetration Testing

More information

Republic Polytechnic School of Information and Communications Technology C226 Operating System Concepts. Module Curriculum

Republic Polytechnic School of Information and Communications Technology C226 Operating System Concepts. Module Curriculum Republic Polytechnic School of Information and Communications Technology C6 Operating System Concepts Module Curriculum Module Description: This module examines the fundamental components of single computer

More information

Learn the fundamentals of Software Development and Hacking of the iphone Operating System.

Learn the fundamentals of Software Development and Hacking of the iphone Operating System. Course: Duration: 5 Day Hands-On Lab & Lecture Course Price: $ 3,495.00 Description: Learn the fundamentals of Software Development and Hacking of the iphone Operating System. provides an Instructor-led

More information

APPLICATION SECURITY: FROM WEB TO MOBILE. DIFFERENT VECTORS AND NEW ATTACK

APPLICATION SECURITY: FROM WEB TO MOBILE. DIFFERENT VECTORS AND NEW ATTACK APPLICATION SECURITY: FROM WEB TO MOBILE. DIFFERENT VECTORS AND NEW ATTACK John T Lounsbury Vice President Professional Services, Asia Pacific INTEGRALIS Session ID: MBS-W01 Session Classification: Advanced

More information

Hello World. by Elliot Khazon

Hello World. by Elliot Khazon Hello World by Elliot Khazon Prerequisites JAVA SDK 1.5 or 1.6 Windows XP (32-bit) or Vista (32- or 64-bit) 1 + more Gig of memory 1.7 Ghz+ CPU Tools Eclipse IDE 3.4 or 3.5 SDK starter package Installation

More information

Practical Attacks against Mobile Device Management Solutions

Practical Attacks against Mobile Device Management Solutions Practical Attacks against Mobile Device Management Solutions Michael Shaulov, CEO michael@lacoon.com Daniel Brodie, Sr Security Researcher daniel@lacoon.com About: Daniel Security researcher for nearly

More information

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking Today s bank customers can perform most of their financial activities online. According to a global survey

More information

How Security Testing can ensure Your Mobile Application Security. Yohannes, CEHv8, ECSAv8, ISE, OSCP(PWK) Information Security Consultant

How Security Testing can ensure Your Mobile Application Security. Yohannes, CEHv8, ECSAv8, ISE, OSCP(PWK) Information Security Consultant How Security Testing can ensure Your Mobile Application Security Yohannes, CEHv8, ECSAv8, ISE, OSCP(PWK) Information Security Consultant Once More Consulting & Advisory Services IT Governance IT Strategic

More information

Defending Behind The Device Mobile Application Risks

Defending Behind The Device Mobile Application Risks Defending Behind The Device Mobile Application Risks Tyler Shields Product Manager and Strategist Veracode, Inc Session ID: MBS-301 Session Classification: Advanced Agenda The What The Problem Mobile Ecosystem

More information

Introduction to Android

Introduction to Android Introduction to Android Android Smartphone Programming Matthias Keil Institute for Computer Science Faculty of Engineering October 19, 2015 Outline 1 What is Android? 2 Development on Android 3 Applications:

More information

Malware in ios and Android The Gathering Storm?

Malware in ios and Android The Gathering Storm? Malware in ios and Android The Gathering Storm? 2 Introduction About Me Security consultant Android and ios security testing Researcher in Android malware 3 Agenda Introduction to Mobile Malware Introduction

More information

Android Development. Lecture AD 0 Android SDK & Development Environment. Università degli Studi di Parma. Mobile Application Development

Android Development. Lecture AD 0 Android SDK & Development Environment. Università degli Studi di Parma. Mobile Application Development Android Development Lecture AD 0 Android SDK & Development Environment 2013/2014 Parma Università degli Studi di Parma Lecture Summary Android Module Overview The Android Platform Android Environment Setup

More information

CompTIA Mobile App Security+ Certification Exam (Android Edition) Live exam ADR-001 Beta Exam AD1-001

CompTIA Mobile App Security+ Certification Exam (Android Edition) Live exam ADR-001 Beta Exam AD1-001 CompTIA Mobile App Security+ Certification Exam (Android Edition) Live exam ADR-001 Beta Exam AD1-001 INTRODUCTION This exam will certify that the successful candidate has the knowledge and skills required

More information

DiamondStream Data Security Policy Summary

DiamondStream Data Security Policy Summary DiamondStream Data Security Policy Summary Overview This document describes DiamondStream s standard security policy for accessing and interacting with proprietary and third-party client data. This covers

More information

Mobile Payment Services- Security Risks, Trends and Countermeasures

Mobile Payment Services- Security Risks, Trends and Countermeasures Mobile Payment Services- Security Risks, Trends and Countermeasures Agenda Trends in mobile payments Security risks in mobile payments applications and devices Mitigation strategy through secure SDLC Mobile

More information

XenMobile Logs Collection Guide

XenMobile Logs Collection Guide XenMobile Logs Collection Guide 1 Contents Summary... 3 Background... 3 How to Collect Logs from Server Components... 4 Support Bundle Contents... 4 Operations Supported for Server Components... 5 Configurations

More information

Fahim Uddin http://fahim.cooperativecorner.com email@fahim.cooperativecorner.com. 1. Java SDK

Fahim Uddin http://fahim.cooperativecorner.com email@fahim.cooperativecorner.com. 1. Java SDK PREPARING YOUR MACHINES WITH NECESSARY TOOLS FOR ANDROID DEVELOPMENT SEPTEMBER, 2012 Fahim Uddin http://fahim.cooperativecorner.com email@fahim.cooperativecorner.com Android SDK makes use of the Java SE

More information

Open Source Telemedicine Android Client Development Introduction

Open Source Telemedicine Android Client Development Introduction Open Source Telemedicine Android Client Development Introduction Images of phone in this presentation Google. All rights reserved. This content is excluded from our Creative Commons license. For more information,

More information

Developing Secure Mobile Applications. Clinton Mugge Symosis Security

Developing Secure Mobile Applications. Clinton Mugge Symosis Security Developing Secure Mobile Applications Clinton Mugge 1 Introduction Clinton Mugge 18 Years as a Security Professional Counterintelligence Agent/Big 5 Security Auditor/Director of Consulting/ Web Application

More information

Reminders. Lab opens from today. Many students want to use the extra I/O pins on

Reminders. Lab opens from today. Many students want to use the extra I/O pins on Reminders Lab opens from today Wednesday 4:00-5:30pm, Friday 1:00-2:30pm Location: MK228 Each student checks out one sensor mote for your Lab 1 The TA will be there to help your lab work Many students

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

What else can you do with Android? Inside Android. Chris Simmonds. Embedded Linux Conference Europe 2010. Copyright 2010, 2net Limited.

What else can you do with Android? Inside Android. Chris Simmonds. Embedded Linux Conference Europe 2010. Copyright 2010, 2net Limited. What else can you do with Android? Chris Simmonds Embedded Linux Conference Europe 2010 Copyright 2010, 2net Limited 1 Overview Some background on Android Quick start Getting the SDK Running and emulated

More information

Application Security Testing

Application Security Testing Tstsec - Version: 1 09 July 2016 Application Security Testing Application Security Testing Tstsec - Version: 1 4 days Course Description: We are living in a world of data and communication, in which the

More information

TECHNOLOGY TRANSFER PRESENTS KEN VAN WYK JUNE 8-9, 2015 JUNE 10-11, 2015 VISCONTI PALACE HOTEL - VIA FEDERICO CESI, 37 ROME (ITALY)

TECHNOLOGY TRANSFER PRESENTS KEN VAN WYK JUNE 8-9, 2015 JUNE 10-11, 2015 VISCONTI PALACE HOTEL - VIA FEDERICO CESI, 37 ROME (ITALY) TECHNOLOGY TRANSFER PRESENTS KEN VAN WYK BREAKING AND FIXING WEB APPLICATIONS SECURITY PENETRATION TESTING IOS APPS JUNE 8-9, 2015 JUNE 10-11, 2015 VISCONTI PALACE HOTEL - VIA FEDERICO CESI, 37 ROME (ITALY)

More information

ANDROID BASED MOBILE APPLICATION DEVELOPMENT and its SECURITY

ANDROID BASED MOBILE APPLICATION DEVELOPMENT and its SECURITY ANDROID BASED MOBILE APPLICATION DEVELOPMENT and its SECURITY Suhas Holla #1, Mahima M Katti #2 # Department of Information Science & Engg, R V College of Engineering Bangalore, India Abstract In the advancing

More information

Android Development. Marc Mc Loughlin

Android Development. Marc Mc Loughlin Android Development Marc Mc Loughlin Android Development Android Developer Website:h:p://developer.android.com/ Dev Guide Reference Resources Video / Blog SeCng up the SDK h:p://developer.android.com/sdk/

More information

How to Analyze an Android Bot

How to Analyze an Android Bot SESSION ID: MBS-R02 How to Analyze an Android Bot Kevin McNamee Nokia Threat Intelligence Lab @KevMcNamee Agenda Introduction Tools The Lab Demo Q&A 2 Why Analyze Android Malware We monitor mobile traffic

More information

Pentesting ios Apps Runtime Analysis and Manipulation. Andreas Kurtz

Pentesting ios Apps Runtime Analysis and Manipulation. Andreas Kurtz Pentesting ios Apps Runtime Analysis and Manipulation Andreas Kurtz About PhD candidate at the Security Research Group, Department of Computer Science, University of Erlangen-Nuremberg Security of mobile

More information

Android Environment Emulator

Android Environment Emulator Part 2-b Android Environment Emulator Victor Matos Cleveland State University Notes are based on: http://developer.android.com/index.html http://developer.android.com/guide/developing/tools/emulator.html

More information

Deep Dive: PenTesting the Android and iphone

Deep Dive: PenTesting the Android and iphone Deep Dive: PenTesting the Android and iphone Session 1 October 4th, 2011 11:00AM Max Veytsman & Subu Ramanathan Us Security Consultants from Toronto Specialize in application security Especially mobile

More information

Frequently Asked Questions Enterprise Mobile Manager

Frequently Asked Questions Enterprise Mobile Manager Frequently Asked Questions Enterprise Mobile Manager FAQ: Enterprise Mobile Manager Contents Unable to connect the device to EMM Server... 4 Symptoms... 4 Resolution... 4 Unable to import AD into EMM Server

More information

MOBILE APPLICATION SECURITY

MOBILE APPLICATION SECURITY Innovate, Integrate, Transform MOBILE APPLICATION SECURITY By Ramkumar Murugadoss and Arif Nasim WHITEPAPER www.altencalsoftlabs.com Objective The objective of this paper is to help the developer community

More information

How to Install Applications (APK Files) on Your Android Phone

How to Install Applications (APK Files) on Your Android Phone How to Install Applications (APK Files) on Your Android Phone Overview An Android application is stored in an APK file (i.e., a file named by {Application Name}.apk). You must install the APK on your Android

More information

Security testing in mobile applications. José Manuel Ortega Candel

Security testing in mobile applications. José Manuel Ortega Candel Security testing in mobile applications José Manuel Ortega Candel About me Ø Centers Technician at Everis Ø Computer engineer by Alicante University Ø Frontend and backend developer in Java/J2EE Ø Speaker

More information

Islamic University of Gaza. Faculty of Engineering. Computer Engineering Department. Mobile Computing ECOM 5341. Eng. Wafaa Audah.

Islamic University of Gaza. Faculty of Engineering. Computer Engineering Department. Mobile Computing ECOM 5341. Eng. Wafaa Audah. Islamic University of Gaza Faculty of Engineering Computer Engineering Department Mobile Computing ECOM 5341 By Eng. Wafaa Audah June 2013 1 Setting Up the Development Environment and Emulator Part 1:

More information

imaginea white paper

imaginea white paper white paper Building Mobile Android Applications Even though Android was created for handsets, there is a great opportunity for developing other innovative devices on the Android platform with significant

More information

The power of root on Android emulators

The power of root on Android emulators The power of root on Android emulators Command line tooling for Android Development Gabe Martin LinuxFest Northwest 2013 10:00 AM to 10:50 AM, CC 239 Welcome Describe alternative title Questions can be

More information

Android Development. Lecture 1b Android SDK & Development Environment

Android Development. Lecture 1b Android SDK & Development Environment Android Development Lecture 1b Android SDK & Development Environment This work is licensed under a Creative Commons Attribution NonCommercialShareAlike 4.0 International License. Marco Picone, Ph.D. marco.picone@unipr.it

More information

BYOD: End-to-End Security

BYOD: End-to-End Security BYOD: End-to-End Security Alen Lo MBA(CUHK), BSc(HKU), CISA, CCP, CISSP, CISM, CEH IRCA Certified ISMS Lead Auditor, itsmf ISO 20000 Auditor Principal Consultant i-totalsecurity Consulting Limited alenlo@n2nsecurity.com

More information

Introduction to Android

Introduction to Android Introduction to Android Poll How many have an Android phone? How many have downloaded & installed the Android SDK? How many have developed an Android application? How many have deployed an Android application

More information

Tutorial on Basic Android Setup

Tutorial on Basic Android Setup Tutorial on Basic Android Setup EE368/CS232 Digital Image Processing, Spring 2015 Windows Version Introduction In this tutorial, we will learn how to set up the Android software development environment

More information

Технологии Java. Android: Введение. Кузнецов Андрей Николаевич. Санкт-Петербургский Государственный Политехнический Университет

Технологии Java. Android: Введение. Кузнецов Андрей Николаевич. Санкт-Петербургский Государственный Политехнический Университет Технологии Java Android: Введение Санкт-Петербургский Государственный Политехнический Университет Кузнецов Андрей Николаевич 1 2 Архитектура ОС Android See http://www.android-app-market.com/android-architecture.html

More information

Android Setup Phase 2

Android Setup Phase 2 Android Setup Phase 2 Instructor: Trish Cornez CS260 Fall 2012 Phase 2: Install the Android Components In this phase you will add the Android components to the existing Java setup. This phase must be completed

More information

An Introduction to Android. Huang Xuguang Database Lab. Inha University 2009.11.2 Email: xuguanghuang@yahoo.cn

An Introduction to Android. Huang Xuguang Database Lab. Inha University 2009.11.2 Email: xuguanghuang@yahoo.cn An Introduction to Android Huang Xuguang Database Lab. Inha University 2009.11.2 Email: xuguanghuang@yahoo.cn Outline Background What is Android? Development for Android Background Internet users and Mobile

More information

Debugging and Installing Android Applica4ons. Asst. Prof. Dr. Kanda Runapongsa Saikaew Department of Compute Engineering Khon Kaen University

Debugging and Installing Android Applica4ons. Asst. Prof. Dr. Kanda Runapongsa Saikaew Department of Compute Engineering Khon Kaen University Debugging and Installing Android Applica4ons Asst. Prof. Dr. Kanda Runapongsa Saikaew Department of Compute Engineering Khon Kaen University Agenda Android debugging environment adb DDMS AVD Debugging

More information

Introduction to Android Development

Introduction to Android Development 2013 Introduction to Android Development Keshav Bahadoor An basic guide to setting up and building native Android applications Science Technology Workshop & Exposition University of Nigeria, Nsukka Keshav

More information

ArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young

ArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction

More information

GOTO: H[a]CK. Practical ios Applications Hacking Mathieu RENARD - @GOTOHACK mathieu.renard[-at-]gotohack.org mathieu.renard[-at-]sogeti.

GOTO: H[a]CK. Practical ios Applications Hacking Mathieu RENARD - @GOTOHACK mathieu.renard[-at-]gotohack.org mathieu.renard[-at-]sogeti. GOTO: H[a]CK Practical ios Applications Hacking Mathieu RENARD - @GOTOHACK mathieu.renard[-at-]gotohack.org mathieu.renard[-at-]sogeti.com Agenda # Regular devices # Let s Jailbreak our device # Reversing

More information

Pen Testing ios Apps

Pen Testing ios Apps Pen Testing ios Apps FIRST 2015 Ken van Wyk, @KRvW Berlin, Germany 14-19 June 2015 Ken van Wyk, ken@krvw.com, @KRvW Topics we ll cover We ll focus on how to break typical ios apps ios topics Application

More information

Table of Contents. Adding Build Targets to the SDK 8 The Android Developer Tools (ADT) Plug-in for Eclipse 9

Table of Contents. Adding Build Targets to the SDK 8 The Android Developer Tools (ADT) Plug-in for Eclipse 9 SECOND EDITION Programming Android kjj *J} Zigurd Mednieks, Laird Dornin, G. Blake Meike, and Masumi Nakamura O'REILLY Beijing Cambridge Farnham Koln Sebastopol Tokyo Table of Contents Preface xiii Parti.

More information

Mobile Performance Management Tools Prasanna Gawade, Infosys April 2014

Mobile Performance Management Tools Prasanna Gawade, Infosys April 2014 Mobile Performance Management Tools Prasanna Gawade, Infosys April 2014 Computer Measurement Group, India 1 Contents Introduction Mobile Performance Optimization Developer Tools Purpose and Overview Mobile

More information

Information Security. Training

Information Security. Training Information Security Training Importance of Information Security Training There is only one way to keep your product plans safe and that is by having a trained, aware and a conscientious workforce. - Kevin

More information

ios applications reverse engineering Julien Bachmann julien@scrt.ch

ios applications reverse engineering Julien Bachmann julien@scrt.ch ios applications reverse engineering 1 Julien Bachmann julien@scrt.ch Agenda Motivations The architecture Mach-O Objective-C ARM AppStore binaries Find'em Decrypt'em Reverse'em What to look for Where to

More information

BYOD Guidance: BlackBerry Secure Work Space

BYOD Guidance: BlackBerry Secure Work Space GOV.UK Guidance BYOD Guidance: BlackBerry Secure Work Space Published 17 February 2015 Contents 1. About this guidance 2. Summary of key risks 3. Secure Work Space components 4. Technical assessment 5.

More information

Professional Android Application Development

Professional Android Application Development Course Outline: Professional Android Application Development 1. Introduction to Android Overview of Android and Android SDK History of Android Android Features Development 2. Android Architecture Overview

More information

Securing Mobile Apps with App-Hardening and Run-Time Protection Arxan Application Protection for IBM Solutions

Securing Mobile Apps with App-Hardening and Run-Time Protection Arxan Application Protection for IBM Solutions Securing Mobile Apps with App-Hardening and Run-Time Protection Arxan Application Protection for IBM Solutions Rich Lord Vice President, Asia-Pacific Arxan Technologies Mobile Apps Are under Attack Majority

More information

10972B: Administering the Web Server (IIS) Role of Windows Server

10972B: Administering the Web Server (IIS) Role of Windows Server 10972B: Administering the Web Server (IIS) Role of Windows Server Course Details Course Code: Duration: Notes: 10972B 5 days This course syllabus should be used to determine whether the course is appropriate

More information