{"product_id":"the-mobile-application-hackers-handbook-isbn-9781118958506","title":"The Mobile Application Hacker's Handbook","description":"\u003cb\u003eSee your app through a hacker's eyes to find the real sources of vulnerability\u003c\/b\u003e \u003cp\u003e\u003ci\u003eThe Mobile Application Hacker's Handbook\u003c\/i\u003e is a comprehensive guide to securing all mobile applications by approaching the issue from a hacker's point of view. Heavily practical, this book provides expert guidance toward discovering and exploiting flaws in mobile applications on the iOS, Android, Blackberry, and Windows Phone platforms. You will learn a proven methodology for approaching mobile application assessments, and the techniques used to prevent, disrupt, and remediate the various types of attacks. Coverage includes data storage, cryptography, transport layers, data leakage, injection attacks, runtime manipulation, security controls, and cross-platform apps, with vulnerabilities highlighted and detailed information on the methods hackers use to get around standard security.\u003c\/p\u003e \u003cp\u003eMobile applications are widely used in the consumer and enterprise markets to process and\/or store sensitive data. There is currently little published on the topic of mobile security, but with over a million apps in the Apple App Store alone, the attack surface is significant. 
This book helps you secure mobile apps by demonstrating the ways in which hackers exploit weak points and flaws to gain access to data.\u003c\/p\u003e \u003cul\u003e \u003cli\u003eUnderstand the ways data can be stored, and how cryptography is defeated\u003c\/li\u003e \u003cli\u003eSet up an environment for identifying insecurities and the data leakages that arise\u003c\/li\u003e \u003cli\u003eDevelop extensions to bypass security controls and perform injection attacks\u003c\/li\u003e \u003cli\u003eLearn the different attacks that apply specifically to cross-platform apps\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eIT security breaches have made big headlines, with millions of consumers vulnerable as major corporations come under attack. Learning the tricks of the hacker's trade allows security professionals to lock the app up tight. For better mobile security and less vulnerable data, \u003ci\u003eThe Mobile Application Hacker's Handbook\u003c\/i\u003e is a practical, comprehensive guide.\u003c\/p\u003e \u003cp\u003eIntroduction xxxi\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 Mobile Application (In)security 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Evolution of Mobile Applications 2\u003c\/p\u003e \u003cp\u003eMobile Application Security 4\u003c\/p\u003e \u003cp\u003eSummary 15\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 Analyzing iOS Applications 17\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding the Security Model 17\u003c\/p\u003e \u003cp\u003eUnderstanding iOS Applications 22\u003c\/p\u003e \u003cp\u003eJailbreaking Explained 29\u003c\/p\u003e \u003cp\u003eUnderstanding the Data Protection API 43\u003c\/p\u003e \u003cp\u003eUnderstanding the iOS Keychain 46\u003c\/p\u003e \u003cp\u003eUnderstanding Touch ID 51\u003c\/p\u003e \u003cp\u003eReverse Engineering iOS Binaries 53\u003c\/p\u003e \u003cp\u003eSummary 67\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 Attacking iOS Applications 69\u003c\/b\u003e\u003c\/p\u003e 
\u003cp\u003eIntroduction to Transport Security 69\u003c\/p\u003e \u003cp\u003eIdentifying Insecure Storage 81\u003c\/p\u003e \u003cp\u003ePatching iOS Applications with Hopper 85\u003c\/p\u003e \u003cp\u003eAttacking the iOS Runtime 92\u003c\/p\u003e \u003cp\u003eUnderstanding Interprocess Communication 118\u003c\/p\u003e \u003cp\u003eAttacking Using Injection 123\u003c\/p\u003e \u003cp\u003eSummary 131\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 Identifying iOS Implementation Insecurities 133\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDisclosing Personally Identifiable Information 133\u003c\/p\u003e \u003cp\u003eIdentifying Data Leaks 136\u003c\/p\u003e \u003cp\u003eMemory Corruption in iOS Applications 142\u003c\/p\u003e \u003cp\u003eSummary 146\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 Writing Secure iOS Applications 149\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eProtecting Data in Your Application 149\u003c\/p\u003e \u003cp\u003eAvoiding Injection Vulnerabilities 156\u003c\/p\u003e \u003cp\u003eSecuring Your Application with Binary Protections 158\u003c\/p\u003e \u003cp\u003eSummary 170\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 Analyzing Android Applications 173\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCreating Your First Android Environment 174\u003c\/p\u003e \u003cp\u003eUnderstanding Android Applications 179\u003c\/p\u003e \u003cp\u003eUnderstanding the Security Model 206\u003c\/p\u003e \u003cp\u003eReverse‐Engineering Applications 233\u003c\/p\u003e \u003cp\u003eSummary 246\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7 Attacking Android Applications 247\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eExposing Security Model Quirks 248\u003c\/p\u003e \u003cp\u003eAttacking Application Components 255\u003c\/p\u003e \u003cp\u003eAccessing Storage and Logging 304\u003c\/p\u003e \u003cp\u003eMisusing Insecure Communications 312\u003c\/p\u003e \u003cp\u003eExploiting Other Vectors 326\u003c\/p\u003e \u003cp\u003eAdditional Testing 
Techniques 341\u003c\/p\u003e \u003cp\u003eSummary 351\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8 Identifying and Exploiting Android Implementation Issues 353\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eReviewing Pre‐Installed Applications 353\u003c\/p\u003e \u003cp\u003eExploiting Devices 365\u003c\/p\u003e \u003cp\u003eInfiltrating User Data 416\u003c\/p\u003e \u003cp\u003eSummary 426\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9 Writing Secure Android Applications 427\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePrinciple of Least Exposure 427\u003c\/p\u003e \u003cp\u003eEssential Security Mechanisms 429\u003c\/p\u003e \u003cp\u003eAdvanced Security Mechanisms 450\u003c\/p\u003e \u003cp\u003eSlowing Down a Reverse Engineer 451\u003c\/p\u003e \u003cp\u003eSummary 455\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10 Analyzing Windows Phone Applications 459\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding the Security Model 460\u003c\/p\u003e \u003cp\u003eUnderstanding Windows Phone 8.x Applications 473\u003c\/p\u003e \u003cp\u003eDeveloper Sideloading 483\u003c\/p\u003e \u003cp\u003eBuilding a Test Environment 484\u003c\/p\u003e \u003cp\u003eAnalyzing Application Binaries 506\u003c\/p\u003e \u003cp\u003eSummary 509\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 11 Attacking Windows Phone Applications 511\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAnalyzing for Data Entry Points 511\u003c\/p\u003e \u003cp\u003eAttacking Transport Security 525\u003c\/p\u003e \u003cp\u003eAttacking WebBrowser and WebView Controls 534\u003c\/p\u003e \u003cp\u003eIdentifying Interprocess Communication Vulnerabilities 542\u003c\/p\u003e \u003cp\u003eAttacking XML Parsing 560\u003c\/p\u003e \u003cp\u003eAttacking Databases 568\u003c\/p\u003e \u003cp\u003eAttacking File Handling 573\u003c\/p\u003e \u003cp\u003ePatching .NET Assemblies 578\u003c\/p\u003e \u003cp\u003eSummary 585\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 12 Identifying Windows Phone 
Implementation Issues 587\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIdentifying Insecure Application Settings Storage 588\u003c\/p\u003e \u003cp\u003eIdentifying Data Leaks 591\u003c\/p\u003e \u003cp\u003eIdentifying Insecure Data Storage 593\u003c\/p\u003e \u003cp\u003eInsecure Random Number Generation 601\u003c\/p\u003e \u003cp\u003eInsecure Cryptography and Password Use 605\u003c\/p\u003e \u003cp\u003eIdentifying Native Code Vulnerabilities 616\u003c\/p\u003e \u003cp\u003eSummary 626\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 13 Writing Secure Windows Phone Applications 629\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eGeneral Security Design Considerations 629\u003c\/p\u003e \u003cp\u003eStoring and Encrypting Data Securely 630\u003c\/p\u003e \u003cp\u003eSecure Random Number Generation 634\u003c\/p\u003e \u003cp\u003eSecuring Data in Memory and Wiping Memory 635\u003c\/p\u003e \u003cp\u003eAvoiding SQLite Injection 636\u003c\/p\u003e \u003cp\u003eImplementing Secure Communications 638\u003c\/p\u003e \u003cp\u003eAvoiding Cross‐Site Scripting in WebViews and WebBrowser Components 640\u003c\/p\u003e \u003cp\u003eSecure XML Parsing 642\u003c\/p\u003e \u003cp\u003eClearing Web Cache and Web Cookies 642\u003c\/p\u003e \u003cp\u003eAvoiding Native Code Bugs 644\u003c\/p\u003e \u003cp\u003eUsing Exploit Mitigation Features 644\u003c\/p\u003e \u003cp\u003eSummary 645\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 14 Analyzing BlackBerry Applications 647\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding BlackBerry Legacy 647\u003c\/p\u003e \u003cp\u003eUnderstanding BlackBerry 10 652\u003c\/p\u003e \u003cp\u003eUnderstanding the BlackBerry 10 Security Model 660\u003c\/p\u003e \u003cp\u003eBlackBerry 10 Jailbreaking 665\u003c\/p\u003e \u003cp\u003eUsing Developer Mode 666\u003c\/p\u003e \u003cp\u003eThe BlackBerry 10 Device Simulator 667\u003c\/p\u003e \u003cp\u003eAccessing App Data from a Device 668\u003c\/p\u003e \u003cp\u003eAccessing BAR Files 
669\u003c\/p\u003e \u003cp\u003eLooking at Applications 670\u003c\/p\u003e \u003cp\u003eSummary 678\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 15 Attacking BlackBerry Applications 681\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eTraversing Trust Boundaries 682\u003c\/p\u003e \u003cp\u003eSummary 691\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 16 Identifying BlackBerry Application Issues 693\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eLimiting Excessive Permissions 694\u003c\/p\u003e \u003cp\u003eResolving Data Storage Issues 695\u003c\/p\u003e \u003cp\u003eChecking Data Transmission 696\u003c\/p\u003e \u003cp\u003eHandling Personally Identifiable Information and Privacy 698\u003c\/p\u003e \u003cp\u003eEnsuring Secure Development 700\u003c\/p\u003e \u003cp\u003eSummary 704\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 17 Writing Secure BlackBerry Applications 705\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSecuring BlackBerry OS 7.x and Earlier Legacy Java Applications 706\u003c\/p\u003e \u003cp\u003eGeneral Java Secure Development Principals 706\u003c\/p\u003e \u003cp\u003eMaking Apps Work with the Application Control Policies 706\u003c\/p\u003e \u003cp\u003eMemory Cleaning 707\u003c\/p\u003e \u003cp\u003eControlling File Access and Encryption 709\u003c\/p\u003e \u003cp\u003eSQLite Database Encryption 710\u003c\/p\u003e \u003cp\u003ePersistent Store Access Control and Encryption 711\u003c\/p\u003e \u003cp\u003eSecuring BlackBerry 10 Native Applications 716\u003c\/p\u003e \u003cp\u003eSecuring BlackBerry 10 Cascades Applications 723\u003c\/p\u003e \u003cp\u003eSecuring BlackBerry 10 HTML5 and JavaScript (WebWorks) Applications 724\u003c\/p\u003e \u003cp\u003eSecuring Android Applications on BlackBerry 10 726\u003c\/p\u003e \u003cp\u003eSummary 726\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 18 Cross‐Platform Mobile Applications 729\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction to Cross‐Platform Mobile Applications 729\u003c\/p\u003e 
\u003cp\u003eBridging Native Functionality 731\u003c\/p\u003e \u003cp\u003eExploring PhoneGap and Apache Cordova 736\u003c\/p\u003e \u003cp\u003eSummary 741\u003c\/p\u003e \u003cp\u003eIndex 743\u003c\/p\u003e \u003cp\u003e\u003ci\u003e“..there is a shocking lack of published material on the topic of mobile security. The Mobile Application Hacker’s Handbook seeks to change this and be a positive movement to educating others in the topic of mobile security awareness.” \u003c\/i\u003e(Vigilance-Security Magazine, March 2015)\u003c\/p\u003e  \u003cp\u003e\u003cb\u003eDOMINIC CHELL\u003c\/b\u003e is a director of MDSec and a recognized expert in mobile security, providing training to leading global organizations. \u003c\/p\u003e\u003cp\u003e\u003cb\u003eTYRONE ERASMUS\u003c\/b\u003e is an expert on Android security and heads Mobile Practice at MWR InfoSecurity SA. \u003c\/p\u003e\u003cp\u003e\u003cb\u003eSHAUN COLLEY\u003c\/b\u003e is a security consultant and researcher at IOActive specializing in mobile security and reverse engineering. \u003c\/p\u003e\u003cp\u003e\u003cb\u003eOLLIE WHITEHOUSE\u003c\/b\u003e is Technical Director with NCC Group who has previously worked for BlackBerry and Symantec specialising in mobile security.   \u003c\/p\u003e\u003cp\u003e\u003cb\u003eView your app through a hacker's eyes\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003eIT security breaches make headlines almost daily. With both personal and corporate information being carried in so many pockets, mobile applications on the iOS, Android, Blackberry, and Windows Phones are a fertile field for hackers. To discover the true vulnerabilities in a mobile app, you must look at it as a hacker does. \u003c\/p\u003e\u003cp\u003eThis practical guide focuses relentlessly on the hacker's approach, helping you secure mobile apps by demonstrating how hackers exploit weak points and flaws to gain access to data. 
Discover a proven methodology for approaching mobile application assessments and the techniques used to prevent, disrupt, and remediate the various types of attacks. \u003c\/p\u003e\u003cp\u003e\u003cb\u003eLearn to:\u003c\/b\u003e \u003c\/p\u003e\u003cul\u003e\n\u003cli\u003eUnderstand the ways data can be stored and how hackers can defeat cryptography\u003c\/li\u003e \u003cli\u003eSet up an environment in which insecurities and data leakages can be identified\u003c\/li\u003e \u003cli\u003eDevelop extensions to bypass security controls and perform injection attacks for testing\u003c\/li\u003e \u003cli\u003eIdentify the different types of attacks that apply specifically to cross-platform apps\u003c\/li\u003e \u003cli\u003eRecognize how hackers bypass security controls such as jailbreak\/root detection, tamper detection, runtime protection, and anti-debugging\u003c\/li\u003e \u003cli\u003eImplement a generic methodology for mobile application testing\u003c\/li\u003e \u003c\/ul\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47990289563877,"sku":"NP9781118958506","price":63.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781118958506.jpg?v=1761787219","url":"https:\/\/k12savings.com\/es\/products\/the-mobile-application-hackers-handbook-isbn-9781118958506","provider":"K12savings","version":"1.0","type":"link"}