Learning Pentesting for Android Devices

Aditya Gupta

  • 出版商: Packt Publishing
  • 出版日期: 2014-03-17
  • 售價: $1,410
  • 貴賓價: 9.5$1,340
  • 語言: 英文
  • 頁數: 154
  • 裝訂: Paperback
  • ISBN: 1783288981
  • ISBN-13: 9781783288984
  • 相關分類: Android
  • 海外代購書籍(需單獨結帳)

買這商品的人也買了...

商品描述

Android is the most popular mobile smartphone operating system at present, with over a million applications. Every day hundreds of applications are published to the PlayStore, which users from all over the world download and use. Often, these applications have serious security weaknesses in them, which could lead an attacker to exploit the application and get access to sensitive information. This is where penetration testing comes into play to check for various vulnerabilities. 

Learning Pentesting for Android is a practical and hands-on guide to take you from the very basic level of Android Security gradually to pentesting and auditing Android. It is a step-by-step guide, covering a variety of techniques and methodologies that you can learn and use in order to perform real life penetration testing on Android devices and applications. The book starts with the basics of Android Security and the permission model, which we will bypass using a custom application, written by us. Thereafter we will move to the internals of Android applications from a security point of view, and will reverse and audit them to find the security weaknesses using manual analysis as well as using automated tools. 

We will then move to a dynamic analysis of Android applications, where we will learn how to capture and analyze network traffic on Android devices and extract sensitive information and files from a packet capture from an Android device. We will look into SQLite databases, and learn to find and exploit the injection vulnerabilities. Also, we will look into root exploits, and how to exploit devices to get full access along with a reverse connect shell. Finally, we will learn how to write a penetration testing report for an Android application auditing project.

商品描述(中文翻譯)

Android是目前最受歡迎的行動智慧型手機作業系統,擁有超過一百萬個應用程式。每天都有數百個應用程式在PlayStore上架,全世界的使用者都會下載和使用這些應用程式。然而,這些應用程式往往存在嚴重的安全漏洞,可能會被攻擊者利用,取得敏感資訊。這就是為什麼需要進行滲透測試,以檢查各種漏洞。

《學習Android滲透測試》是一本實用且實戰導向的指南,從Android安全的基礎層級開始,逐漸引導讀者進入滲透測試和審計Android的領域。這本書提供了一步一步的指導,涵蓋了各種技術和方法,讓讀者能夠學習和應用於真實的Android設備和應用程式的滲透測試中。書籍首先介紹了Android安全和權限模型的基礎知識,並通過我們自己編寫的自定義應用程式來繞過權限模型。接著,我們將從安全角度深入研究Android應用程式的內部,並通過手動分析和自動化工具來逆向和審計應用程式,找出安全漏洞。

我們還將進行Android應用程式的動態分析,學習如何在Android設備上捕獲和分析網路流量,並從封包捕獲中提取敏感資訊和檔案。我們將研究SQLite資料庫,學習如何發現和利用注入漏洞。同時,我們還將探討如何利用Root漏洞,以獲取完全訪問權限和反向連接殼程式。最後,我們將學習如何為Android應用程式審計項目撰寫滲透測試報告。