You are previewing Hacking Exposed Mobile Security Secrets & Solutions.
O'Reilly logo
Hacking Exposed Mobile Security Secrets & Solutions

Book Description

Proven security tactics for today’s mobile apps,devices, and networks A great overview of the new threats created by mobile devices.The authors have heaps of experience in the topics and bring that to every chapter.

Table of Contents

  1. Cover
  2. HACKING EXPOSED™: MOBILE SECURITY SECRETS & SOLUTIONS
  3. Copyright Page
  4. Dedication
  5. About the Authors
  6. At A Glance
  7. Contents
  8. Foreword
  9. Acknowledgments
  10. Introduction
  11. 1 The Mobile Risk Ecosystem
    1. The Mobile Ecosystem
      1. Scale
      2. Perceived Insecurity
    2. The Mobile Risk Model
      1. Physical Risks
      2. Service Risks
      3. App Risks
    3. Our Agenda
    4. Summary
  12. 2 Hacking the Cellular Network
    1. Basic Cellular Network Functionality
      1. Interoperability
      2. Voice Calls
      3. The Control Channels
      4. Voice Mailboxes
      5. Short Message Service
    2. Attacks and Countermeasures
    3. The Brave New World of IP
    4. Summary
  13. 3 iOS
    1. Know Your iPhone
    2. How Secure Is iOS?
    3. Jailbreaking: Unleash the Fury!
      1. Boot-based Jailbreak
    4. Hacking Other iPhones: Fury, Unleashed!
    5. Summary
  14. 4 Android
    1. Security Model
    2. Application Components
    3. Data Storage
    4. Near Field Communication (NFC)
    5. Android Development
      1. Android Emulator
      2. Android Debug Bridge
    6. Rooting
    7. Decompiling and Disassembly
      1. Decompiling
    8. Intercepting Network Traffic
      1. Adding Trusted CA Certificates
      2. Configuring a Proxy Server
    9. Intent-Based Attacks
    10. NFC-Based Attacks
    11. Information Leakage
      1. Leakage via Internal Files
      2. Leakage via External Storage
      3. Information Leakage via Logs
      4. Information Leakage via Insecure Components
      5. General Mitigation Strategies to Prevent Information Leakage
    12. Summary
  15. 5 Mobile Malware
    1. Android Malware
    2. iOS Malware
    3. Malware Security: Android vs. iOS
    4. Summary
  16. 6 Mobile Services and Mobile Web
    1. General Web Service Security Guidelines
    2. Attacks Against XML-based Web Services
    3. Common Authentication and Authorization Frameworks
      1. OAuth 2
      2. SAML
    4. Mobile Web Browser and WebView Security
      1. Exploiting Custom URI Schemes
      2. Exploiting JavaScript Bridges
    5. Summary
  17. 7 Mobile Device Management
    1. MDM Frameworks
    2. Device Provisioning
    3. Bypassing MDM
    4. Decompiling and Debugging Apps
    5. Detecting Jailbreaks
    6. Remote Wipe and Lock
    7. Summary
  18. 8 Mobile Development Security
    1. Mobile App Threat Modeling
      1. Threats
      2. Assets
      3. Finishing and Using the Threat Model
    2. Secure Mobile Development Guidance
      1. Preparation
      2. Secure Mobile Application Guidelines
      3. Testing to Make Sure
      4. For Further Reading
    3. Summary
  19. 9 Mobile Payments
    1. Current Generation
    2. Contactless Smartcard Payments
      1. Secure Element
      2. Secure Element API
      3. Mobile Application
    3. Google Wallet
    4. Square
    5. Summary
  20. A Consumer Security Checklist
    1. Security Checklist
  21. B Mobile Application Penetration Testing Toolkit
    1. iOS Pen Test Toolkit
    2. Android Pen Test Toolkit
  22. Index