Introduction and Executive Summary
- Mobile App Ethical Hacking and Penetration Testing Principles
- Mobile Application Security Assessments for applications
- Pentesting Mobile Applications
- Mobile Device Threats, Policies, and Security Models
- Mobile Device Architecture Security and Management
- Mobile Code and Application Analysis
- Ethical Hacking Mobile Networks
- Ethical Hacking Mobile Phones, Tablets, and Applications
- Secure Mobile Phone Capture the Flag
- Exploiting and penetrating mobile applications
- Overview of vulnerabilities
- Security and performance flaws
- Mobile Ethical Hacking
Overview of Mobile platforms
- Control functions
- Networks: GSM, CDMA, UMTS, LTE, Wi-Fi, Bluetooth, Zigbee, NFC
- Hardware: Baseband layer attacks
- Memory corruption defects in firmware
- OS: Defects in kernel code
- Applications
- Codes
- Vulnerable and malicious apps
Mobile Application Basics
- Browser Based Application
- HTML5+CSS+JavaScript
- iOS Application Basics
- iOS System Architecture
- Objective-C & Cocoa Touch API
- Android Application Basics
- Android System Architecture
- Application program
- Application Framework
- Program Library
- Android Runtime Library
- Linux Kernel
Major Mobile Threats
- Equipment and password protection
- Sensitive files encryption
- Boot ROM exploits
- Password brute force
- Mobile App Risks
- Mobile Device Risks at multiple layers
- Mobile App Ecosystems
- Mobile App Top 10 Risks
- Veracode Top 10
- OWASP Mobile Top 10
- Malicious Functionality
- Activity monitoring and data retrieval
- Unauthorized dialing, SMS, and payments
- Unauthorized network connectivity (exfiltration or command & control)
- UI Impersonation
- System modification (rootkit, APN proxy config)
- Logic or Time bomb
- Vulnerabilities
- Sensitive data leakage (inadvertent or side channel)
- Unsafe sensitive data storage
- Unsafe sensitive data transmission
- Hardcoded password/keys
Application Penetration Testing
- Reconnaissance
- Mapping
- Discovery
- Exploitation
- Reporting
- Ethical attack
- Application’s security controls
- Risks posed by actual exploitable vulnerabilities
- Application mapping
- Reverse engineering
- Proprietary tools
- Input Validation
- Buffer Overflow
- Cross Site Scripting
- URL Manipulation
- SQL Injection
- Hidden Variable Manipulation
- Cookie Modification
- Authentication Bypass
- Code Execution
- Injections
- Broken authentication and session management
- Cross-site scripting
- Insecure direct object references
- Security misconfiguration
- Sensitive data exposure
- Missing function level access control
- Cross-site request forgery
- Using components with known vulnerabilities
- Unvalidated redirects and forwards
Mobile Application Security Assessment and Penetration Testing
- Mobile Application Penetration Assessments
- Identify weaknesses in the default installation
- Bypass authentication and authorization mechanisms
- Escalate privileges
- Access and modify data or data presentation
- Attack vectors
- Data validation (SQL injection, Cross-Site Scripting, buffer overflows, etc.)
- Session management
- Access controls (authentication and authorization controls)
- Cryptography
- Third-party components (patching, configuration errors, etc.)
- Mobile Device Security Models
- Privilege and access models on multiple platforms
- Device encryption support and threats
- Emerging changes in platform security from Android and Apple
- Policy Considerations and Development
Attacks and Pentesting Mobile Applications
- Attacking test based systems
- Attacking test based application
- Attacking test based transmission link
- Application attack testing
- Bypassing passcode locks
- Decrypting credentials
- Accessing mobile device backup data
- Unlocking, Rooting, Jailbreaking Mobile Devices
- Mobile Phone Data Storage and Filesystem Architecture
- Filesystem Application Modeling
- Mobile application network capture
- Mobile app data extraction
- Reverse engineering iOS binaries in Objective-C
- Reverse engineering Android binaries in Java
- Data access policies
- Fingerprinting mobile devices
- Monitoring network probing activity
- Network scanning and assessment
- Exploiting weak wireless infrastructure
- Monitoring mobile device network scanning
- Certificate impersonation and mobile devices
- Network Manipulation Attacks
- Exploiting mobile application authentication vulnerabilities
- Site impersonation attacks
- Exploiting SQL injection in mobile application frameworks
Pentesting iOS and Android
- Areas of focus
- Network Communication
- Privacy
- Application Data Storage
- Reverse Engineering
- URL Schemes
- Push Notification
- Jailbreak
- Encrypted Transmission
- HTTPS and SSL
- CA certificate
- Application data storage
- Data storage location
- Plist file
- Keychain
- Logs
- Screenshot
- Home directory
- Reverse Engineering