Table Of Content

Deep Dive: PenTesting the Android and iPhone Session 1 October 4th, 2011 11:00AM Max Veytsman & Subu Ramanathan Us Security Consultants from Toronto   Specialize in application security   Especially mobile security   [email protected]   @mveytsman   [email protected]   @subuonsecurity   MIS Training Institute Session 1 - Slide 2 © Security Compass 2011 You Security analysts, developers or QA testers   Fairly familiar with web application pentesting   Intrigued by mobile applications   Have attempted to root an Android or Jailbreak an iOS   device Some knowledge of programming   MIS Training Institute Session 1 - Slide 3 © Security Compass 2011 This Workshop Introducing ExploitMe Mobile   Mobile threat model   What you need to know about Android and iPhone   Intercepting traffic   Filesystem access   Static analysis   Runtime analysis (Bonus!)   Mobile cryptography pitfalls (Bonus!)   MIS Training Institute Session 1 - Slide 4 © Security Compass 2011 Demo INTRODUCING EXPLOITME MOBILE MIS Training Institute Session 1 - Slide 5 © Security Compass 2011 ExploitMe Mobile iPhone Labs   http://securitycompass.github.com/iPhoneLabs/   Android Labs   http://securitycompass.github.com/AndroidLabs/   Server   https://github.com/securitycompass/LabServer   MIS Training Institute Session 1 - Slide 6 © Security Compass 2011 MOBILE THREAT MODEL MIS Training Institute Session 1 - Slide 7 © Security Compass 2011 What can the developers get wrong? Backend implementation   Client behavior   Client-server communication   MIS Training Institute Session 1 - Slide 8 © Security Compass 2011 Backend Mobile backend implementations are all susceptible to   Authentication/Authorization issues   Privilege escalation   Input validation errors   Injection   Threat model is the same as a web app   MIS Training Institute Session 1 - Slide 9 © Security Compass 2011 Client Insecure data storage   Poor cryptography   Overzealous Logging   Eg. Old Android browser   Memory leakage   Input validation   Eg. Skype XSS bug   Threat includes lost/stolen phone and mobile malware   MIS Training Institute Session 1 - Slide 10 © Security Compass 2011

Description:
Oct 4, 2011 Fairly familiar with web application pentesting. □. Intrigued by mobile applications. □. Have attempted to root an Android or Jailbreak an iOS.
ebook img

Deep Dive: PenTesting the Android and iPhone - Security Compass PDF

165 Pages·2011·10.68 MB·English
by  Maxim Veytsman
#deep web
Save to my drive
Quick download
Download
Upgrade Premium
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Deep Dive: PenTesting the Android and iPhone - Security Compass

Deep Dive: PenTesting the Android and iPhone Session 1 October 4th, 2011 11:00AM Max Veytsman & Subu Ramanathan Us Security Consultants from Toronto   Specialize in application security   Especially mobile security   [email protected]   @mveytsman   [email protected]   @subuonsecurity   MIS Training Institute Session 1 - Slide 2 © Security Compass 2011 You Security analysts, developers or QA testers   Fairly familiar with web application pentesting   Intrigued by mobile applications   Have attempted to root an Android or Jailbreak an iOS   device Some knowledge of programming   MIS Training Institute Session 1 - Slide 3 © Security Compass 2011 This Workshop Introducing ExploitMe Mobile   Mobile threat model   What you need to know about Android and iPhone   Intercepting traffic   Filesystem access   Static analysis   Runtime analysis (Bonus!)   Mobile cryptography pitfalls (Bonus!)   MIS Training Institute Session 1 - Slide 4 © Security Compass 2011 Demo INTRODUCING EXPLOITME MOBILE MIS Training Institute Session 1 - Slide 5 © Security Compass 2011 ExploitMe Mobile iPhone Labs   http://securitycompass.github.com/iPhoneLabs/   Android Labs   http://securitycompass.github.com/AndroidLabs/   Server   https://github.com/securitycompass/LabServer   MIS Training Institute Session 1 - Slide 6 © Security Compass 2011 MOBILE THREAT MODEL MIS Training Institute Session 1 - Slide 7 © Security Compass 2011 What can the developers get wrong? Backend implementation   Client behavior   Client-server communication   MIS Training Institute Session 1 - Slide 8 © Security Compass 2011 Backend Mobile backend implementations are all susceptible to   Authentication/Authorization issues   Privilege escalation   Input validation errors   Injection   Threat model is the same as a web app   MIS Training Institute Session 1 - Slide 9 © Security Compass 2011 Client Insecure data storage   Poor cryptography   Overzealous Logging   Eg. Old Android browser   Memory leakage   Input validation   Eg. Skype XSS bug   Threat includes lost/stolen phone and mobile malware   MIS Training Institute Session 1 - Slide 10 © Security Compass 2011

Description:
Oct 4, 2011 Fairly familiar with web application pentesting. □. Intrigued by mobile applications. □. Have attempted to root an Android or Jailbreak an iOS.
See more

The list of books you might like

Upgrade Premium
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.
DMCA & Copyright: Dear all, most of the website is community built, users are uploading hundred of books everyday, which makes really hard for us to identify copyrighted material, please contact us if you want any material removed.
Copyright @ PDFdrive.to, 2022 | We love our users