Penetration Testing for iphone Applications Part 1
|
|
- Megan Nash
- 8 years ago
- Views:
Transcription
1 Penetration Testing for iphone Applications Part 1 This article focuses specifically on the techniques and tools that will help security professionals understand penetration testing methods for iphone applications. It attempts to cover the entire ios application penetration testing methodology on a physical device rather than a simulator. Background: Since the introduction of the iphone, Apple has sold more than 110 million iphones. The smartphone platform has created a new business and companies want to make their services available on mobile devices in order to reach out to the users very quickly and easily. As the iphone has enough power and performance to do just about most of the stuff you can do on a laptop, iphone applications span a range of categories from education, business, health and productivity to games and entertainment. iphone provides developers with a platform to develop two types of applications. 1. Web based applications which uses JavaScript, CSS and HTML-5 technologies 2. Native ios applications- which are developed using Objective-C and Cocoa touch API This article mainly covers the pen testing methodology of native ios applications. However, some of the techniques explained here can also be used with web-based ios applications. Application Distribution model: ios developers use Apple Xcode developer tools and test their applications within the ios simulator. A simulator simulates an environment but it does not mimic many of the features and functionalities available on real devices. An ios simulator compiles ios applications to a local native code which is different from the Android emulator that compiles to ARM instructions. Though simulators allow basic development and testing, it is not sufficient for many applications which require the use of full hardware power, performance and features which are only available on real devices. To test these types of applications on real devices, developers have to subscribe to Apple s ios Developer Program because the iphone is only allowed to run Apple signed applications. Mandatory Code Signing mechanism implemented in ios requires that all the native code running on the device should be signed by a known or trusted certificate. Upon subscription to the ios Developers Program, Apple issues a signed provisioning profile that configures the ios device to permit the execution of code signed by a developer certificate. Developers can apply for this program as an individual, company or university. Based on the provisioning profile, application distribution models are categorized as 5 types. Page 1
2 Single device distribution: Development provisioning profiles issued by Apple are tied to a device s UDID (Unique Device ID). This provisioning profile allows running a developer s application on the device. As it is tied to a particular device, the provisioning profile does not work on other devices. This model is used during single device testing. Ad Hoc distribution: Ad Hoc provisioning profiles issued by Apple are tied to the UDID s of up to 100 other devices, including the ipad, iphone or ipod touch. The developer has to supply the UDID of 100 devices during the subscription process. This model allows developers to test their application on a wide range of devices. In-house distribution: Enterprise provisioning profiles issued by Apple permit the installation of applications on devices without configuring their UDIDs. This distribution is generally used by enterprises to distribute applications internally to their employees. Over the air (OTA) distribution: This model is designed to allow enterprise developers to send applications to individual users in their organization through or by hosting the application on a web server. The main problem with this kind of distribution is if someone outside the organization gets access to the link then they too can also install the application. App Store distribution This is a centralized mechanism for distributing Apple signed applications. Upon submitting the application to Apple, Apple verifies it against the App Store review guidelines and approves it if the application follows all the review guidelines. After the approval, Apple will re-sign the application with an Apple signing certificate and make it available for download in the App Store. Penetration Testing In this section we are going to focus on ios applications rather than the iphone operating system itself. Actually there is an overlap between the iphone OS security and the iphone application security. So understanding the ios platform and its security technology will help penetration testers properly assess the security of iphone applications. The main areas of focus while assessing the security of iphone applications are - Application traffic analysis Privacy Issues Local Data Storage Caching Page 2
3 Reverse Engineering Unmanaged code URL Schemes Push Notifications Setup: A simulator does not provide the actual device environment, so all the penetration testing techniques explained in this article are specific to a physical device. iphone 4 with ios 5 will be used for the following demonstrations. To perform pentesting we need to install a few tools on our device. These tools are not approved by Apple. Code signing restrictions in ios do not allow us to install the required tools on the device. To bypass the code signing restrictions and run our tools we have to JailBreak the iphone. JailBreaking gives us full access to the device and allows us to run code which is not signed by Apple. After JailBreaking, the required unsigned applications can be downloaded from Cydia. Cydia is a parallel App Store for unsigned applications. JailBreaking puts your phone at great risk to some security vulnerabilities because the device allows any application to run even if it is not approved by Apple. Though we can assess the security of an application on a non-jailbroken iphone, it is not possible to give complete coverage. JailBreaking makes the pen tester s work easier and helps to provide full coverage of an application. Tools like Pwnage, readsn0w and greenposi0n can be used to JailBreak the iphone. Tools required for pentesting: From Cydia, download and install the applications listed below. OpenSSH Allows us to connect to the iphone remotely over SSH Adv-cmds : Comes with a set of process commands like ps, kill, finger Sqlite3 : Sqlite database client GNU Debugger: For run time analysis & reverse engineering Syslogd : To view iphone logs Veency: Allows to view the phone on the workstation with the help of veency client Tcpdump: To capture network traffic on phone com.ericasadun.utlities: plutil to view property list files Grep: For searching Odcctools: otool object file displaying tool Crackulous: Decrypt iphone apps Hackulous: To install decrypted apps Cycript: Run time analysis The iphone does not give us a terminal to see inside directories. Upon OpenSSH installation on the device, we can connect to the SSH server on the phone from any SSH client (ex:putty, CyberDuck, WinScp). This gives us flexibility to browse through folders and execute commands on the iphone. An iphone has two users by default. One is mobile and the other is a root user. All the applications installed on the phone run with mobile user privileges. But using SSH we can log into the iphone as a Page 3
4 root user, which will give us full access to the device. The default password for both the user accounts (root, mobile) is alpine. Note: Best practice is to change the default SSH passwords of your device. If your phone and the workstation are connected to Wi-Fi, you can directly SSH to the iphone by typing in the IP address and username/password. SSH to iphone over Wi-Fi- > ssh > password : alpine If your phone and the workstation are not on Wi-Fi, you can still do SSH via the USB cable with the help of Usbmuxd. Detailed steps are available at - Once we have a SSH connection, we can run commands directly on the iphone. As ios is a trimmed version of Mac OS, many of the MAC OS commands will work on the iphone. Application traffic analysis Pen testing iphone applications isn t all that different because client-side applications still interact with the server-side components over a network using some protocols. So it also involves network pentesting and web application pentesting. The primary goal in traffic analysis is to capture and analyze the network traffic to find vulnerabilities. iphone applications may transmit data to the server in any of these communication mechanisms: Clear text transmission, such as http Encrypted channel, such as https Custom protocols or Low level streams It s 2012 and applications are still using clear text transmission protocols like http. In general, mobile applications are more prone to MITM attacks because most people access them over WIFI. An attacker who has access to the same Wi-Fi can run tools like FireSheep and hijack user sessions. As plain text transport protocols are vulnerable to MITM attacks, applications which transmit sensitive data must use encrypted communication protocols like https. During pen testing, observe whether the application is transmitting any sensitive data over the encrypted channel or not. Application traffic can be captured by configuring the proxy settings available in iphone. Upon setting up a proxy, the iphone routes its traffic through the configured proxy. Page 4
5 Configuring Proxy The screenshots below illustrates the required settings in an iphone workstation (IP ) required to capture http application traffic. 1. Navigate to the Settings application 2. Turn on Wi-Fi Page 5
6 3. Choose a network and click on the blue arrow corresponding to it 4. Choose 'Manual and setup a proxy IP (ex: ) Page 6
7 5. On your workstation, Open Burp Suite and navigate to Proxy->Options, Edit proxy listeners - enter port as 8080, disable loopback only and select support invisible 6. Now browsing any http website or http application in iphone routes the traffic to your workstation and will display in Burp Suite. The same proxy settings also work for https traffic as well. But capturing iphone application https traffic is little tricky. In SSL communication, browser based applications automatically validate the server-side certificate; whereas in native ios applications, the developer has to explicitly write the code to validate server certificates. Coding mistakes at this point may lead the application to accept any server certificate. When an application fails to validate the server certificate, attackers can use any fake certificate and perform MITM attacks. One common mistake that we see in iphone application development is the use of allowanyhttpscertificateforhost (NSURLRequest) or continuewithoutcredentialforauthenticationchallenge (NSURLConnection) function call. Applications which implement these functions accept any certificate even if it is not issued by the original server. Also the application users do not even get a certificate warning. While pentesting, check whether the application is validating the certificates properly or not. If the application validates server-side certificates properly, then it will display a certificate error message when it receives an invalid certificate. It also does not allow the user to use that application or proceed further with the invalid certificate. To capture the SSL traffic of these applications during pen testing, first we have to add a proxy CA certificate to the iphone trusted certificates list. Later if the application receives a proxy certificate it Page 7
8 will not display any certificate error because we told our iphone to trust that certificate. This will allow us to capture the https traffic. The same technique is applicable to other protocols which work on certificates. The video below demonstrates the MITM https application traffic. Apart from http and https protocols iphone applications may also use custom protocols or low level socket communication APIs (NSStreams, CFStreams). The MITM techniques explained above would not work to capture the network traffic of these applications. In order to capture the low level traffic of these applications download and install tcpdump from Cydia on iphone. Upon installation of tcpdump, connect the iphone over SSH and run the commands below to capture traffic and write it into a.pcap file. > ssh > password: alpine > tcpdump -w traffic.pcap Connect to the phone using a GUI SSH client like Cyberduck. Browse to the folders and copy the recently created.pcap file to your workstation. Next, open the.pcap file using a traffic capture tool like Wireshark. Use your protocol analyzing skills and identify the custom protocol. The same techniques can be used for the applications which do not respect the iphone proxy settings. In these cases, DNS spoofing techniques can be used to perform MITM and for traffic capture. Once you capture the traffic, typical web application pen testing attacks are done on the application server. Now you can look for SQL injection, authentication, authorization, session management, cryptography weaknesses and many more web related vulnerabilities. Penetration Testing iphone Applications is going to be covered in a series of articles. Part 2 will cover the privacy issues and local data storage. About Me: Satish B (@satishb3) is an Information Security Professional with 6 years of experience in Penetration testing of web applications and mobile applications. My blog is located at satishb3@hotmail.com satishb3@securitylearn.net Page 8
Pentesting iphone Applications. Satishb3 http://www.securitylearn.net
Pentesting iphone Applications Satishb3 http://www.securitylearn.net Agenda iphone App Basics App development App distribution Pentesting iphone Apps Methodology Areas of focus Major Mobile Threats Who
More informationPentesting Mobile Applications
WEB 应 用 安 全 和 数 据 库 安 全 的 领 航 者! 安 恒 信 息 技 术 有 限 公 司 Pentesting Mobile Applications www.dbappsecurity.com.cn Who am I l Frank Fan: CTO of DBAPPSecurity Graduated from California State University as a Computer
More informationABSTRACT' INTRODUCTION' COMMON'SECURITY'MISTAKES'' Reverse Engineering ios Applications
Reverse Engineering ios Applications Drew Branch, Independent Security Evaluators, Associate Security Analyst ABSTRACT' Mobile applications are a part of nearly everyone s life, and most use multiple mobile
More informationPentesting iphone & ipad Apps Hack In Paris 2011 June 17
Pentesting iphone & ipad Apps Hack In Paris 2011 June 17 Who are we? Flora Bottaccio Security Analyst at ADVTOOLS Sebastien Andrivet Director, co-founder of ADVTOOLS ADVTOOLS Swiss company founded in 2002
More informationMobile Applications: The True Potential Risks Where to look for information when performing a Pentest on a Mobile Application
Mobile Applications: The True Potential Risks Where to look for information when performing a Pentest on a Mobile Application Since the introduction of the iphone, Apple has sold more than 315 million
More informationAccess Your Cisco Smart Storage Remotely Via WebDAV
Application Note Access Your Cisco Smart Storage Remotely Via WebDAV WebDAV (Web-based Distributed Authoring and Versioning), is a set of extensions to the HTTP(S) protocol that allows a web server to
More informationios Testing Tools David Lindner Director of Mobile and IoT Security
ios Testing Tools David Lindner Director of Mobile and IoT Security Who is this guy? David Lindner @golfhackerdave david.lindner@nvisium.com 15+ years consulting experience I hack and golf, sometimes at
More informationSecurity Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0
Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features
More informationMobile Application Hacking for Android and iphone. 4-Day Hands-On Course. Syllabus
Mobile Application Hacking for Android and iphone 4-Day Hands-On Course Syllabus Android and iphone Mobile Application Hacking 4-Day Hands-On Course Course description This course will focus on the techniques
More informationAll Your Mobile Applications Are Belong To Us
Security Art September 2011 All Your Mobile Applications Are Belong To Us Itzik Kotler, Chief Technology Officer www.security-art.com Hello Motto, Hello Hacker Mobile phones are no longer only for making
More informationSmartphone Pentest Framework v0.1. User Guide
Smartphone Pentest Framework v0.1 User Guide 1 Introduction: The Smartphone Pentest Framework (SPF) is an open source tool designed to allow users to assess the security posture of the smartphones deployed
More informationBlackBerry Enterprise Service 10. Universal Device Service Version: 10.2. Administration Guide
BlackBerry Enterprise Service 10 Universal Service Version: 10.2 Administration Guide Published: 2015-02-24 SWD-20150223125016631 Contents 1 Introduction...9 About this guide...10 What is BlackBerry
More informationSYLLABUS MOBILE APPLICATION SECURITY AND PENETRATION TESTING. MASPT at a glance: v1.0 (28/01/2014) 10 highly practical modules
Must have skills in any penetration tester's arsenal. MASPT at a glance: 10 highly practical modules 4 hours of video material 1200+ interactive slides 20 Applications to practice with Leads to emapt certification
More informationEthical Hacking as a Professional Penetration Testing Technique
Ethical Hacking as a Professional Penetration Testing Technique Rochester ISSA Chapter Rochester OWASP Chapter - Durkee Consulting, Inc. info@rd1.net 2 Background Founder of Durkee Consulting since 1996
More informationProduct Manual. MDM On Premise Installation Version 8.1. Last Updated: 06/07/15
Product Manual MDM On Premise Installation Version 8.1 Last Updated: 06/07/15 Parallels IP Holdings GmbH Vordergasse 59 8200 Schaffhausen Switzerland Tel: + 41 52 632 0411 Fax: + 41 52 672 2010 www.parallels.com
More informationSecuring ios Applications. Dr. Bruce Sams, OPTIMAbit GmbH
Securing ios Applications Dr. Bruce Sams, OPTIMAbit GmbH About Me President of OPTIMAbit GmbH Responsible for > 200 Pentests per Year Ca 50 ios Pentests and code reviews in the last two years. Overview
More informationMobile Application Hacking for ios. 3-Day Hands-On Course. Syllabus
Mobile Application Hacking for ios 3-Day Hands-On Course Syllabus Course description ios Mobile Application Hacking 3-Day Hands-On Course This course will focus on the techniques and tools for testing
More informationSecurity Testing Guidelines for mobile Apps
The OWASP Foundation http://www.owasp.org Security Testing Guidelines for mobile Apps Florian Stahl Johannes Ströher AppSec Research EU 2013 Who we are Florian Stahl Johannes Ströher Lead Consultant for
More informationPentesting Android Mobile Application
Pentesting Android Mobile Application Overview on Mobile applications Connect in Superior Way!! Mobile market is the worldwide rapidly developing segments since many customers are using mobile phones.
More informationUsing the Apple Configurator and MaaS3360
Using the Apple Configurator and MaaS3360 Overview Apple Configurator Utility (ACU) is a free Apple tool that enables a Mac to configure up to 30 ios devices simultaneously via a USB. There are two modes
More informationNovell Filr 1.0.x Mobile App Quick Start
Novell Filr 1.0.x Mobile App Quick Start February 2014 Novell Quick Start Novell Filr allows you to easily access all your files and folders from your desktop, browser, or a mobile device. In addition,
More informationArchitecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference
Architecture and Data Flow Overview BlackBerry Enterprise Service 10 721-08877-123 Version: Quick Reference Published: 2013-11-28 SWD-20131128130321045 Contents Key components of BlackBerry Enterprise
More informationTroubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123. Instructor Manual
Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123 Instructor Manual Published: 2013-07-02 SWD-20130702091645092 Contents Advance preparation...7 Required materials...7 Topics
More informationBlackBerry Enterprise Service 10. Version: 10.2. Configuration Guide
BlackBerry Enterprise Service 10 Version: 10.2 Configuration Guide Published: 2015-02-27 SWD-20150227164548686 Contents 1 Introduction...7 About this guide...8 What is BlackBerry Enterprise Service 10?...9
More informationSophos Mobile Control Installation guide. Product version: 3
Sophos Mobile Control Installation guide Product version: 3 Document date: January 2013 Contents 1 Introduction...3 2 The Sophos Mobile Control server...4 3 Set up Sophos Mobile Control...16 4 External
More informationManageEngine Desktop Central. Mobile Device Management User Guide
ManageEngine Desktop Central Mobile Device Management User Guide Contents 1 Mobile Device Management... 2 1.1 Supported Devices... 2 1.2 What Management Operations you can Perform?... 2 2 Setting Up MDM...
More informationMobile Device Management Version 8. Last updated: 17-10-14
Mobile Device Management Version 8 Last updated: 17-10-14 Copyright 2013, 2X Ltd. http://www.2x.com E mail: info@2x.com Information in this document is subject to change without notice. Companies names
More informationiphone in Business How-To Setup Guide for Users
iphone in Business How-To Setup Guide for Users iphone is ready for business. It supports Microsoft Exchange ActiveSync, as well as standards-based services, delivering email, calendars, and contacts over
More informationSA-Announce Cloud Services Mobile Notifier User Manual: ios and Android Version 1.0.0
SA-Announce Cloud Services Mobile Notifier User Manual: ios and Android Version 1.0.0 About Syn-Apps Syn-Apps L.L.C. was founded in 2001 as a consulting firm focused on developing software for IP telephony
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationRemote Desktop Gateway. Accessing a Campus Managed Device (Windows Only) from home.
Remote Desktop Gateway Accessing a Campus Managed Device (Windows Only) from home. Contents Introduction... 2 Quick Reference... 2 Gateway Setup - Windows Desktop... 3 Gateway Setup Windows App... 4 Gateway
More informationCopyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com
Manual Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Information in this document is subject to change without notice. Companies names and data used in examples herein are fictitious
More informationSophos Mobile Control Installation guide
Sophos Mobile Control Installation guide Product version: 2.5 Document date: July 2012 Contents 1 Introduction... 3 2 The Sophos Mobile Control server... 4 3 Set up Sophos Mobile Control... 13 4 Running
More informationOWASP NZ Day 2011 Testing Mobile Applications
OWASP NZ Day 2011 Testing Mobile Applications Presenter: Nick von Dadelszen Date: 7 th July 2011 Company: Lateral Security (IT) Services Limited Company overview Company Lateral Security (IT) Services
More informationUsing EMC Unisphere in a Web Browsing Environment: Browser and Security Settings to Improve the Experience
Using EMC Unisphere in a Web Browsing Environment: Browser and Security Settings to Improve the Experience Applied Technology Abstract The Web-based approach to system management taken by EMC Unisphere
More informationZenprise Device Manager 6.1.5
Zenprise Device Manager 6.1.5 CLIENT GUIDE Rev 6.1.50 Introduction 2 ZENPRISE DEVICE MANAGER 6.1 CLIENT GUIDE 2011 Zenprise, Inc. All rights reserved. This manual, as well as the software described in
More informationUNITED STATES OF AMERICA FEDERAL TRADE COMMISSION
UNITED STATES OF AMERICA FEDERAL TRADE COMMISSION 132 3091 COMMISSIONERS: Edith Ramirez, Chairwoman Julie Brill Maureen K. Ohlhausen Joshua D. Wright ) In the Matter of ) DOCKET NO. ) Credit Karma, Inc.,
More informationINTRODUCTION OF IPAD USE AT UT. Introduction of ipad use at the University of Twente... 1. Content... 1. 1. Introduction... 2
CONTENT INTRODUCTION OF IPAD USE AT UT Introduction of ipad use at the University of Twente... 1 Content... 1 1. Introduction... 2 2. BEFORE YOU GET STARTED... 2 3. Setting to work... 2 3.1. Purchase...
More informationClientless SSL VPN Users
Manage Passwords, page 1 Username and Password Requirements, page 3 Communicate Security Tips, page 3 Configure Remote Systems to Use Clientless SSL VPN Features, page 3 Manage Passwords Optionally, you
More informationSophos Mobile Control Installation guide. Product version: 3.5
Sophos Mobile Control Installation guide Product version: 3.5 Document date: July 2013 Contents 1 Introduction...3 2 The Sophos Mobile Control server...4 3 Set up Sophos Mobile Control...10 4 External
More informationKaspersky Lab Mobile Device Management Deployment Guide
Kaspersky Lab Mobile Device Management Deployment Guide Introduction With the release of Kaspersky Security Center 10.0 a new functionality has been implemented which allows centralized management of mobile
More informationApache Server Implementation Guide
Apache Server Implementation Guide 340 March Road Suite 600 Kanata, Ontario, Canada K2K 2E4 Tel: +1-613-599-2441 Fax: +1-613-599-2442 International Voice: +1-613-599-2441 North America Toll Free: 1-800-307-7042
More informationBlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2. Feature and Technical Overview
BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2 Feature and Technical Overview Published: 2010-06-16 SWDT305802-1108946-0615123042-001 Contents 1 Overview: BlackBerry Enterprise
More informationDecryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks
Decryption Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
More informationEnterprise Apps: Bypassing the Gatekeeper
Enterprise Apps: Bypassing the Gatekeeper By Avi Bashan and Ohad Bobrov Executive Summary The Apple App Store is a major part of the ios security paradigm, offering a central distribution process that
More informationIntroduction to Mobile Access Gateway Installation
Introduction to Mobile Access Gateway Installation This document describes the installation process for the Mobile Access Gateway (MAG), which is an enterprise integration component that provides a secure
More informationBuilding a Mobile App Security Risk Management Program. Copyright 2012, Security Risk Advisors, Inc. All Rights Reserved
Building a Mobile App Security Risk Management Program Your Presenters Who Are We? Chris Salerno, Consultant, Security Risk Advisors Lead consultant for mobile, network, web application penetration testing
More informationWhen enterprise mobility strategies are discussed, security is usually one of the first topics
Acronis 2002-2014 Introduction When enterprise mobility strategies are discussed, security is usually one of the first topics on the table. So it should come as no surprise that Acronis Access Advanced
More informationSonicWALL Mobile Connect. Mobile Connect for OS X 3.0. User Guide
SonicWALL Mobile Connect Mobile Connect for OS X 3.0 User Guide Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION: A CAUTION
More informationUNITED STATES OF AMERICA BEFORE THE FEDERAL TRADE COMMISSION. Julie Brill Maureen K. Ohlhausen Joshua D. Wright Terrell McSweeny
132 3089 UNITED STATES OF AMERICA BEFORE THE FEDERAL TRADE COMMISSION COMMISSIONERS: Edith Ramirez, Chairwoman Julie Brill Maureen K. Ohlhausen Joshua D. Wright Terrell McSweeny In the Matter of DOCKET
More informationMobile Application Security and Penetration Testing Syllabus
Mobile Application Security and Penetration Testing Syllabus Mobile Devices Overview 1.1. Mobile Platforms 1.1.1.Android 1.1.2.iOS 1.2. Why Mobile Security 1.3. Taxonomy of Security Threats 1.3.1.OWASP
More informationSetup Guide: Server-side synchronization for CRM Online and Exchange Server
Setup Guide: Server-side synchronization for CRM Online and Exchange Server Version 8.0 Microsoft Dynamics CRM 2016 Authors: Elad Ben Yosef, Sumanta Batabyal This document is provided "as-is". Information
More informationKony MobileFabric Messaging. Demo App QuickStart Guide. (Building a Sample Application
Kony MobileFabric Kony MobileFabric Messaging Demo App QuickStart Guide (Building a Sample Application Apple ios) Release 6.5 Document Relevance and Accuracy This document is considered relevant to the
More informationVersion 1.0 January 2011. Xerox Phaser 3635MFP Extensible Interface Platform
Version 1.0 January 2011 Xerox Phaser 3635MFP 2011 Xerox Corporation. XEROX and XEROX and Design are trademarks of Xerox Corporation in the United States and/or other countries. Changes are periodically
More informationIntroduction to the EIS Guide
Introduction to the EIS Guide The AirWatch Enterprise Integration Service (EIS) provides organizations the ability to securely integrate with back-end enterprise systems from either the AirWatch SaaS environment
More informationSetting Up SSL on IIS6 for MEGA Advisor
Setting Up SSL on IIS6 for MEGA Advisor Revised: July 5, 2012 Created: February 1, 2008 Author: Melinda BODROGI CONTENTS Contents... 2 Principle... 3 Requirements... 4 Install the certification authority
More informationConfiguration Guide BES12. Version 12.1
Configuration Guide BES12 Version 12.1 Published: 2015-04-22 SWD-20150422113638568 Contents Introduction... 7 About this guide...7 What is BES12?...7 Key features of BES12... 8 Product documentation...
More informationConfiguration Guide BES12. Version 12.2
Configuration Guide BES12 Version 12.2 Published: 2015-07-07 SWD-20150630131852557 Contents About this guide... 8 Getting started... 9 Administrator permissions you need to configure BES12... 9 Obtaining
More informationWorkday Mobile Security FAQ
Workday Mobile Security FAQ Workday Mobile Security FAQ Contents The Workday Approach 2 Authentication 3 Session 3 Mobile Device Management (MDM) 3 Workday Applications 4 Web 4 Transport Security 5 Privacy
More informationStealth OpenVPN and SSH Tunneling Over HTTPS
Stealth OpenVPN and SSH Tunneling Over HTTPS Contents Tunneling OpenVPN and SSH via HTTPS for Windows,MAC and Linux... 1 Benefits of HTTPS Tunneling:... 2 Pre-Requisites:... 3 Part A: Step by Step Instructions
More informationNovell Filr. Mobile Client
Novell Filr Mobile Client 0 Table of Contents Quick Start 3 Supported Mobile Devices 3 Supported Languages 4 File Viewing Support 4 FILES THAT CANNOT BE VIEWED IN THE FILR APP 4 FILES THAT GIVE A WARNING
More informationSetting Up Scan to SMB on TaskALFA series MFP s.
Setting Up Scan to SMB on TaskALFA series MFP s. There are three steps necessary to set up a new Scan to SMB function button on the TaskALFA series color MFP. 1. A folder must be created on the PC and
More informationBLOOMBERG ANYWHERE FOR MOBILE CUSTOMERS
BLOOMBERG ANYWHERE FOR MOBILE CUSTOMERS Software & Connectivity Requirements 11 March 2014 Version: 1.03 BLOOMBERG ANYWHERE users have access to their information on a variety of mobile platforms including
More informationBYPASSING THE ios GATEKEEPER
BYPASSING THE ios GATEKEEPER AVI BASHAN Technology Leader Check Point Software Technologies, Ltd. OHAD BOBROV Director, Mobile Threat Prevention Check Point Software Technologies, Ltd. EXECUTIVE SUMMARY
More informationCyber Security Workshop Ethical Web Hacking
Cyber Security Workshop Ethical Web Hacking May 2015 Setting up WebGoat and Burp Suite Hacking Challenges in WebGoat Concepts in Web Technologies and Ethical Hacking 1 P a g e Downloading WebGoat and Burp
More informationhttp://docs.trendmicro.com
Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the product, please review the readme files,
More informationNetwork-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2
Contents Introduction--1 Content and Purpose of This Guide...........................1 User Management.........................................2 Types of user accounts2 Security--3 Security Features.........................................3
More informationQuickStart Guide for Managing Mobile Devices. Version 9.2
QuickStart Guide for Managing Mobile Devices Version 9.2 JAMF Software, LLC 2013 JAMF Software, LLC. All rights reserved. JAMF Software has made all efforts to ensure that this guide is accurate. JAMF
More informationSSL-TLS VPN 3.0 Certification Report. For: Array Networks, Inc.
SSL-TLS VPN 3.0 Certification Report For: Array Networks, Inc. Prepared by: ICSA Labs 1000 Bent Creek Blvd., Suite 200 Mechanicsburg, PA 17050 USA http://www.icsalabs.com SSL-TLS VPN 3.0 Certification
More informationios Team Administration Guide (Legacy)
ios Team Administration Guide (Legacy) Contents About ios Development Team Administration 5 At a Glance 6 Team Admins Manage Team Membership and Assign Roles in the Member Center 6 Development Devices
More informationSophos Mobile Control Installation guide. Product version: 3.6
Sophos Mobile Control Installation guide Product version: 3.6 Document date: November 2013 Contents 1 Introduction...3 2 The Sophos Mobile Control server...5 3 Set up Sophos Mobile Control...11 4 External
More informationSecurity Vulnerabilities in 3rd-Party ios Applications
Security Vulnerabilities in 3rd-Party ios Applications Wentworth Institute of Technology Boston, MA Sonny Fazio Sonny Fazio - Wentworth Institute of Technology - Security Vulnerabilities in 3rd-party ios
More informationRSA SecurID Software Token 1.3 for iphone and ipad Administrator s Guide
RSA SecurID Software Token 1.3 for iphone and ipad Administrator s Guide Contact Information See the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks
More informationAdministering Jive Mobile Apps
Administering Jive Mobile Apps Contents 2 Contents Administering Jive Mobile Apps...3 Configuring Jive for Android and ios... 3 Native Apps and Push Notifications...4 Custom App Wrapping for ios... 5 Native
More informationEnsuring the security of your mobile business intelligence
IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive
More informationMobile App User's Guide
Mobile App User's Guide Copyright Statement Copyright Acronis International GmbH, 2002-2012. All rights reserved. "Acronis", "Acronis Compute with Confidence", "Acronis Recovery Manager", "Acronis Secure
More informationQuickStart Guide for Mobile Device Management. Version 8.6
QuickStart Guide for Mobile Device Management Version 8.6 JAMF Software, LLC 2012 JAMF Software, LLC. All rights reserved. JAMF Software has made all efforts to ensure that this guide is accurate. JAMF
More informationINSTALLING KAAZING WEBSOCKET GATEWAY - HTML5 EDITION ON AN AMAZON EC2 CLOUD SERVER
INSTALLING KAAZING WEBSOCKET GATEWAY - HTML5 EDITION ON AN AMAZON EC2 CLOUD SERVER A TECHNICAL WHITEPAPER Copyright 2012 Kaazing Corporation. All rights reserved. kaazing.com Executive Overview This document
More informationUser-ID Configuration
User-ID Configuration How to configure Active Directory for User-ID based internet access. Nick Pearce 5/11/2015 1 Install and configure the User-ID agent. Download the.zip file from https://dl.sgcyp.org.uk/pan/user-id.zip
More informationReadyNAS Remote. User Manual. June 2013 202-11078-03. 350 East Plumeria Drive San Jose, CA 95134 USA
User Manual June 2013 202-11078-03 350 East Plumeria Drive San Jose, CA 95134 USA Support Thank you for selecting this NETGEAR product. After installing your device, locate the serial number on the label
More informationFINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE
Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security
More informationConfiguration Guide. BlackBerry Enterprise Service 12. Version 12.0
Configuration Guide BlackBerry Enterprise Service 12 Version 12.0 Published: 2014-12-19 SWD-20141219132902639 Contents Introduction... 7 About this guide...7 What is BES12?...7 Key features of BES12...
More informationDeploying iphone and ipad Mobile Device Management
Deploying iphone and ipad Mobile Device Management ios supports Mobile Device Management (MDM), giving businesses the ability to manage scaled deployments of iphone and ipad across their organizations.
More informationIntegrated SSL Scanning
Software Version 9.0 Copyright Copyright 1996-2008. Finjan Software Inc. and its affiliates and subsidiaries ( Finjan ). All rights reserved. All text and figures included in this publication are the exclusive
More information1. Introduction 2. 2. What is Axis Camera Station? 3. 3. What is Viewer for Axis Camera Station? 4. 4. AXIS Camera Station Service Control 5
Table of Contents 1. Introduction 2 2. What is Axis Camera Station? 3 3. What is Viewer for Axis Camera Station? 4 4. AXIS Camera Station Service Control 5 5. Configuring Ports 7 5.1 Creating New Inbound
More informationAdobe Marketing Cloud Bloodhound for Mac 3.0
Adobe Marketing Cloud Bloodhound for Mac 3.0 Contents Adobe Bloodhound for Mac 3.x for OSX...3 Getting Started...4 Processing Rules Mapping...6 Enable SSL...7 View Hits...8 Save Hits into a Test...9 Compare
More informationConfiguration Guide BES12. Version 12.3
Configuration Guide BES12 Version 12.3 Published: 2016-01-19 SWD-20160119132230232 Contents About this guide... 7 Getting started... 8 Configuring BES12 for the first time...8 Configuration tasks for managing
More informationFilter Avoidance and Anonymous Proxy Guard
March 21, 2011 Author: Audience: SWAT Team Evaluator Product: Cymphonix Network Composer EX Series, XLi OS version 9 Filter Avoidance and Anonymous Proxy Guard Filter Avoidance The award winning XLi technology
More informationAccess the GV-IP Camera through a broadband modem
Access the GV-IP Camera through a broadband modem Applied to All GV-IP Cameras Article ID: GV15-12-03-26 Release Date: 03/26/2012 Introduction The document introduces how to connect your GV-IP Camera to
More informationRemote Service Manager Installation & Configuration Guide
Remote Service Manager Installation & Configuration Guide TABLE OF CONTENTS OVERVIEW... 3 SYSTEM REQUIREMENTS... 3 SERVER REQUIREMENTS... 3 CLIENT REQUIREMENTS... 4 NAMED USER LICENSING AND SUPPORT...
More informationUnifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Email Gateway
Unifying Information Security Implementing TLS on the CLEARSWIFT SECURE Email Gateway Contents 1 Introduction... 3 2 Understanding TLS... 4 3 Clearswift s Application of TLS... 5 3.1 Opportunistic TLS...
More informationQuickStart Guide for Mobile Device Management
QuickStart Guide for Mobile Device Management Version 8.5 Inventory Configuration Security Management Distribution JAMF Software, LLC 2012 JAMF Software, LLC. All rights reserved. JAMF Software has made
More informationForensic analysis of iphone backups
Forensic analysis of iphone backups The goal of iphone Backup Forensics analysis is extracting data and artefacts from the itunes backups without altering any information. iphone forensics can be performed
More informationADMINISTRATOR GUIDE FOR USA MOBILITY AMC SELECT
ADMINISTRATOR GUIDE FOR USA MOBILITY AMC SELECT AMC Select Administrator Guide 1 March 5, 2013 This page intentionally left Blank. AMC Select Administrator Guide 2 March 5, 2013 I. INTRODUCTION... 4 II.
More informationEnterprise Security with mobilecho
Enterprise Security with mobilecho Enterprise Security from the Ground Up When enterprise mobility strategies are discussed, security is usually one of the first topics on the table. So it should come
More informationCLEARSWIFT SECURE Web Gateway HTTPS/SSL decryption
CLEARSWIFT SECURE Web Gateway HTTPS/SSL decryption Introduction This Technical FAQ explains the functionality of the optional HTTPS/SSL scanning and inspection module available for the Web Gateway and
More informationSymantec Mobile Management 7.2 SP3 MR1 Release Notes
Mobile Management 7.2 SP3 MR1 Release Notes Mobile Management 7.2 SP3 MR1 Release Notes This document includes the following topics: About What's new in 7.2 SP3 MR1 Fixed issues in 7.2 SP3 MR1 Known issues
More informationApp Distribution Guide
App Distribution Guide Contents About App Distribution 10 At a Glance 11 Enroll in an Apple Developer Program to Distribute Your App 11 Generate Certificates and Register Your Devices 11 Add Store Capabilities
More informationPlease Complete Speaker Feedback Surveys. SecurityTube.net
Please Complete Speaker Feedback Surveys Advanced ios Applica:on Pentes:ng Vivek Ramachandran Founder, SecurityTube.net vivek@securitytube.net Vivek Ramachandran B.Tech, ECE IIT Guwaha: Media Coverage
More informationInternet Privacy Options
2 Privacy Internet Privacy Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 19 June 2014 Common/Reports/internet-privacy-options.tex, r892 1 Privacy Acronyms
More information