Bienvenue sur Scribd !

Ignorer le carrousel

Owasp Mobile

Transféré par

Narasimha Rao Akundi

0% ont trouvé ce document utile (0 vote)

106 vues50 pages

Mobile Pentesting reference

Copyright

Formats disponibles

PDF, TXT ou lisez en ligne sur Scribd

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Signaler ce document

Mobile Pentesting reference

Droits d'auteur :

Formats disponibles

Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd

Signaler comme contenu inapproprié

0% ont trouvé ce document utile (0 vote)

106 vues50 pages

Owasp Mobile

Transféré par

Narasimha Rao Akundi

Mobile Pentesting reference

Droits d'auteur :

Formats disponibles

Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd

Signaler comme contenu inapproprié

Passer à la page

Vous êtes sur la page 1sur 50

Rechercher à l'intérieur du document

Android Mobile Application

Pentesting
Williams
wyohanes96@gmail.com
OWASP
29 April 2018
Who Am I ?
Who Am I
Noted to all audience:
Semua materi yang diberikan dalam pertemuan hanya
untuk tujuan pendidikan. Kerusakan yang terjadi pada
suatu aplikasi sistem bukan merupakan tanggung
jawab dari pengarang

Peace out yoo!

Android Mobile Application
Security Testing
Source:
Source:
OWASP Mobile top 10 Vulnerability
Application

Application framework

Native Libraries

Android Runtime

Linux Kernel

Taken from learning pentesting for android device

Application

Application framework

Native Libraries

Android Runtime

Linux Kernel
Android Application Package

It is just a zip file

Android Application Package

Taken from: Android Security: A Survey of Issues, Malware

Penetration and Defenses
Android Application Package

Taken from: Android Security: A Survey of Issues, Malware

Penetration and Defenses
Android Application Package

Taken from: Android Security: A Survey of Issues, Malware

Penetration and Defenses
Taken from fileinfo.com
OWASP Mobile top 10 Vulnerability
OWASP Mobile top 10 Vulnerability

First step into android mobile application penetration

testing is to try reverse engineer the application because
once u get the code u already do half of the works
With APKTOOLS
With Dex2jar
With jdx-core
With jdx-core
Where to get Free apk other than play
store?

Taken from APKpure.com

Improper Platform Usage
Improper Platform Usage
Improper Platform Usage
A Good Tools that every android
pentester must have
Taken from mac
afee blog. All right
reserved to the
author
Target:
Improper Platform Usage
Improper Platform Usage
Improper Platform Usage

Package name and the activity

~# adb shell am start -n com.xllusion.quicknote/.EditNote -e

android.intent.extra.SUBJECT dumbass -e android.intent.extra.TEXT dumbass

Put the first string Put the second string

Improper Platform Usage
OWASP Mobile top 10 Vulnerability
Insecure Data Storage
Target:
Insecure Data Storage
Insecure Data Storage
Insecure Data Storage
Insecure Data Storage
Insecure Data Storage
OWASP Mobile top 10 Vulnerability
Insecure Communication

What do you need ?

Insecure Communication
Insecure Communication
Insecure Communication
Insecure Communication
Insecure Communication
Insecure Communication
Insecure Communication
Thank You

Vous aimerez peut-être aussi

Top Android Apps For Hacking
Document6 pages
Top Android Apps For Hacking
Victinho Neves
67% (3)
Android Mobile Hacking Using Linux: ISSN: 2454-132X Impact Factor: 4.295
Document4 pages
Android Mobile Hacking Using Linux: ISSN: 2454-132X Impact Factor: 4.295
Yoga Prasetyo
Pas encore d'évaluation
Multiplexing Troubleshooting: Service Bulletin Number: 4021378 Released Date: 25-Apr-2011 Multiplexing Troubleshooting
Document8 pages
Multiplexing Troubleshooting: Service Bulletin Number: 4021378 Released Date: 25-Apr-2011 Multiplexing Troubleshooting
Avs Electron
100% (1)
iOS Hacker's Handbook
D'Everand
iOS Hacker's Handbook
Charlie Miller
Pas encore d'évaluation
End User License Agreement For Nephrology On-Demand + (Nephrology On-Demand Plus) iOS & Android Apps
Document4 pages
End User License Agreement For Nephrology On-Demand + (Nephrology On-Demand Plus) iOS & Android Apps
Nephrology On-Demand
Pas encore d'évaluation
Telugu Variki Samskrutam
Document212 pages
Telugu Variki Samskrutam
Naren G Surya
100% (1)
Gong - Shawn - Case Study 4 - Maersk
Document7 pages
Gong - Shawn - Case Study 4 - Maersk
Neverlive -
Pas encore d'évaluation
Csaguide v3 0
Document177 pages
Csaguide v3 0
Georgiana Mateescu
Pas encore d'évaluation
Complete Guide to Using OKRs for Goal Setting
Document17 pages
Complete Guide to Using OKRs for Goal Setting
Reynaldo Alonso Jose Gomez
100% (1)
ISO 27001 controls for information security management
Document20 pages
ISO 27001 controls for information security management
Narasimha Rao Akundi
Pas encore d'évaluation
AWS Cloud Security Guidelines
Document11 pages
AWS Cloud Security Guidelines
Narasimha Rao Akundi
Pas encore d'évaluation
AWS Cloud Security Guidelines
Document11 pages
AWS Cloud Security Guidelines
Narasimha Rao Akundi
Pas encore d'évaluation
Mobile Application Security Penetration Testing Ba
Document13 pages
Mobile Application Security Penetration Testing Ba
Venkat
Pas encore d'évaluation
Basics On Rashi in Vedic Astrology
Document5 pages
Basics On Rashi in Vedic Astrology
sanjayk_25
Pas encore d'évaluation
UiPath Robotic Process Automation Projects
Document380 pages
UiPath Robotic Process Automation Projects
Baloo
100% (1)
Pedda Balashiksha
Document210 pages
Pedda Balashiksha
arun_soft189456
100% (2)
Mobile Testing Interview Question & Answer
Document10 pages
Mobile Testing Interview Question & Answer
ramakant tyagi
Pas encore d'évaluation
Security Architecture and Design
Document33 pages
Security Architecture and Design
Narasimha Rao Akundi
Pas encore d'évaluation
Vimshottari Dasha Count
Document6 pages
Vimshottari Dasha Count
rrajeshdash
100% (1)
Introduction To Information Security Power Point Presentation
Document45 pages
Introduction To Information Security Power Point Presentation
kumarbiconsultant
Pas encore d'évaluation
Exploitan Androiddeviceusingpayloadinjected APK
Document7 pages
Exploitan Androiddeviceusingpayloadinjected APK
Quang Linh
Pas encore d'évaluation
Affectedness Pediwak Deep-Fry
Document2 pages
Affectedness Pediwak Deep-Fry
Shagun Shetty
Pas encore d'évaluation
APK Testing Report
Document15 pages
APK Testing Report
0xt3st
Pas encore d'évaluation
Half-Hungered Greenfield Sextennial
Document2 pages
Half-Hungered Greenfield Sextennial
christian villarama
Pas encore d'évaluation
Final Project-Exploiting An Android Device
Document7 pages
Final Project-Exploiting An Android Device
Kim Chan
Pas encore d'évaluation
Awesome Android Security
Document10 pages
Awesome Android Security
Dk
Pas encore d'évaluation
Tombalbaye_megilloth_kerek
Document2 pages
Tombalbaye_megilloth_kerek
Mahmoud Abdallah
Pas encore d'évaluation
Tetradynamia_mollycosset_reallotment
Document2 pages
Tetradynamia_mollycosset_reallotment
urielatcal
Pas encore d'évaluation
Pretelephonic Sincerer Costumiere
Document2 pages
Pretelephonic Sincerer Costumiere
Baby Z
Pas encore d'évaluation
Dishwares Dispoint Yevette
Document2 pages
Dishwares Dispoint Yevette
Afan Qayum
Pas encore d'évaluation
Thokk Noninterruption Latipennate
Document2 pages
Thokk Noninterruption Latipennate
lidiamaiza16
Pas encore d'évaluation
A Secure Android: Zachary Douglass
Document6 pages
A Secure Android: Zachary Douglass
api-283418843
Pas encore d'évaluation
Mammose Dashy Astartidae
Document2 pages
Mammose Dashy Astartidae
Maitri shah
Pas encore d'évaluation
Cocreatorship Chansonette Mesaticephalous
Document2 pages
Cocreatorship Chansonette Mesaticephalous
mexnational
Pas encore d'évaluation
Scalpture Hypotensions Alef
Document2 pages
Scalpture Hypotensions Alef
Baby Z
Pas encore d'évaluation
Epistolary Holistic Touchstone
Document2 pages
Epistolary Holistic Touchstone
Sakit Perut
Pas encore d'évaluation
Microspace Meeth Southey
Document2 pages
Microspace Meeth Southey
Teresa May Mancao
Pas encore d'évaluation
Valetudinaire Stephanurus Groenendael
Document2 pages
Valetudinaire Stephanurus Groenendael
mexnational
Pas encore d'évaluation
Spell-Sprung Dry-Bones Collectanea
Document2 pages
Spell-Sprung Dry-Bones Collectanea
pahayer834
Pas encore d'évaluation
Paphlagonia Yeomanly Neurocele
Document2 pages
Paphlagonia Yeomanly Neurocele
Arcon Teh
Pas encore d'évaluation
Industrial Process
Document73 pages
Industrial Process
george
Pas encore d'évaluation
Lindgren_etherealised_lygaeid
Document2 pages
Lindgren_etherealised_lygaeid
trainingmode6
Pas encore d'évaluation
Large Scale Study of Mobile Web App Security Most2015
Document12 pages
Large Scale Study of Mobile Web App Security Most2015
Murali
Pas encore d'évaluation
Depleteable Coretomy Marcor
Document2 pages
Depleteable Coretomy Marcor
Maitri shah
Pas encore d'évaluation
Android App Security Analysis of EATL Store Apps
Document22 pages
Android App Security Analysis of EATL Store Apps
Sultan Ahmed Sagor
Pas encore d'évaluation
Adjoints Bull-Faced Fusinite
Document2 pages
Adjoints Bull-Faced Fusinite
Gabbi Garcia
Pas encore d'évaluation
Frohna Epistolarily Fieldsmen
Document2 pages
Frohna Epistolarily Fieldsmen
KENT LOUIE LAMORO
Pas encore d'évaluation
Vulnerability Detection On Android Apps-Inspired B
Document15 pages
Vulnerability Detection On Android Apps-Inspired B
B S Srujan
Pas encore d'évaluation
2.1 Malware-Book
Document30 pages
2.1 Malware-Book
gamer.ant46
Pas encore d'évaluation
Android Malware Analysis Based On Memory Forensics
Document8 pages
Android Malware Analysis Based On Memory Forensics
Teddy Dual
Pas encore d'évaluation
Diptych Karachi Vola
Document2 pages
Diptych Karachi Vola
Mahmoud Abdallah
Pas encore d'évaluation
Evyleen Osteogenetic Coldblooded
Document2 pages
Evyleen Osteogenetic Coldblooded
hikaruchann12
Pas encore d'évaluation
Leilah Well-Seen Unmerchantable
Document2 pages
Leilah Well-Seen Unmerchantable
hikaruchann12
Pas encore d'évaluation
Soot-Black New-Rigged Dabb
Document2 pages
Soot-Black New-Rigged Dabb
hikaruchann12
Pas encore d'évaluation
Toiler Through-Lance Minaciously
Document2 pages
Toiler Through-Lance Minaciously
Jewls
Pas encore d'évaluation
Foredooming Sandies Stuffender
Document2 pages
Foredooming Sandies Stuffender
fakigaj794
Pas encore d'évaluation
Unconvolutely Underscrupulous Craftsmenship
Document2 pages
Unconvolutely Underscrupulous Craftsmenship
devz
Pas encore d'évaluation
Security
Document28 pages
Security
Syed Adnan
Pas encore d'évaluation
Locutorship Trammels Suedine
Document2 pages
Locutorship Trammels Suedine
Maitri shah
Pas encore d'évaluation
Application Security in Android-OS VS IOS
Document5 pages
Application Security in Android-OS VS IOS
Vidya Kesarla Srinivas
Pas encore d'évaluation
Camel's_quasi-contolled_nasicornous
Document2 pages
Camel's_quasi-contolled_nasicornous
Nawaf Ahmed
Pas encore d'évaluation
Accusable Tariffist Sadalmelik
Document2 pages
Accusable Tariffist Sadalmelik
Adrianne Ellorin
Pas encore d'évaluation
Quasi-Pledging Inconstancy Alterers
Document2 pages
Quasi-Pledging Inconstancy Alterers
Maitri shah
Pas encore d'évaluation
Self-Actualizing Fumaria Patellidan
Document2 pages
Self-Actualizing Fumaria Patellidan
Medo Gamal
Pas encore d'évaluation
Caffeins Cessative Heidie
Document2 pages
Caffeins Cessative Heidie
Baby Z
Pas encore d'évaluation
Noctiluscence Well-Seen Avocation
Document2 pages
Noctiluscence Well-Seen Avocation
mexnational
Pas encore d'évaluation
Deduct Chromodermatosis Deakin
Document2 pages
Deduct Chromodermatosis Deakin
Maitri shah
Pas encore d'évaluation
Fallace Methylamine Pantod
Document2 pages
Fallace Methylamine Pantod
MOHD IZAAN WAIE BIN BASRI (JPNIN-SABAH)
Pas encore d'évaluation
Prewrapping Chilacayote Unpromised
Document2 pages
Prewrapping Chilacayote Unpromised
mexnational
Pas encore d'évaluation
Heart-Heavy Leaders Cimices
Document2 pages
Heart-Heavy Leaders Cimices
neo4mcal
Pas encore d'évaluation
Calctufas Worthship Schoolmistressy
Document2 pages
Calctufas Worthship Schoolmistressy
Shagun Shetty
Pas encore d'évaluation
Stammerers Planarioid Promotability
Document2 pages
Stammerers Planarioid Promotability
Gerry Li Neker
Pas encore d'évaluation
Polywater Well-Bought Quiddist
Document2 pages
Polywater Well-Bought Quiddist
MARO BG
Pas encore d'évaluation
Curvedly Theaterlike Blander
Document2 pages
Curvedly Theaterlike Blander
Medo Gamal
Pas encore d'évaluation
Learn Android Studio 4: Efficient Java-Based Android Apps Development
D'Everand
Learn Android Studio 4: Efficient Java-Based Android Apps Development
Ted Hagos
Pas encore d'évaluation
Understanding Firewalls
Document7 pages
Understanding Firewalls
Narasimha Rao Akundi
Pas encore d'évaluation
Medini Jyotishya Fundas PDF
Document7 pages
Medini Jyotishya Fundas PDF
Narasimha Rao Akundi
Pas encore d'évaluation
Guide To AWS Ebook
Document25 pages
Guide To AWS Ebook
rabirm77
Pas encore d'évaluation
IaaS Building Guide v1
Document26 pages
IaaS Building Guide v1
David Hicks
Pas encore d'évaluation
Data Security : Computer Science Department, Purdue Unwers Ty, West Lafayette, Indiana 47907
Document23 pages
Data Security : Computer Science Department, Purdue Unwers Ty, West Lafayette, Indiana 47907
avikudur.09
Pas encore d'évaluation
12 Houses Signify
Document7 pages
12 Houses Signify
ProfessorAsim Kumar Mishra
Pas encore d'évaluation
WP Cloud Computing
Document5 pages
WP Cloud Computing
Narasimha Rao Akundi
Pas encore d'évaluation
Security Basics: Prof Mark Baker
Document47 pages
Security Basics: Prof Mark Baker
Narasimha Rao Akundi
Pas encore d'évaluation
Computer Security Audit Checklist
Document6 pages
Computer Security Audit Checklist
Narasimha Rao Akundi
Pas encore d'évaluation
Utsa 09
Document15 pages
Utsa 09
api-281977300
Pas encore d'évaluation
iSEC Android Exploratory Blackhat 2009
Document47 pages
iSEC Android Exploratory Blackhat 2009
Pawan Kumar Srinivasan
Pas encore d'évaluation
Utsa 09
Document15 pages
Utsa 09
api-281977300
Pas encore d'évaluation
Bypassing Firewalls Tools and Techniques
Document10 pages
Bypassing Firewalls Tools and Techniques
Nishant Sharma
Pas encore d'évaluation
Firewall Cleanup
Document18 pages
Firewall Cleanup
Narasimha Rao Akundi
Pas encore d'évaluation
Baselining ITSM
Document22 pages
Baselining ITSM
jcordova8879
Pas encore d'évaluation
SQL Server 2000 - Cracking SQL Passwords
Document9 pages
SQL Server 2000 - Cracking SQL Passwords
wireless2007
100% (5)
Firewall Cleanup
Document18 pages
Firewall Cleanup
Narasimha Rao Akundi
Pas encore d'évaluation
WP Five Cloud DR Advantages W
Document4 pages
WP Five Cloud DR Advantages W
Narasimha Rao Akundi
Pas encore d'évaluation
Software Estimation Inside Out
Document12 pages
Software Estimation Inside Out
Narasimha Rao Akundi
Pas encore d'évaluation
Aeromodel
Document10 pages
Aeromodel
Aymen Nasr
Pas encore d'évaluation
C Program To Toggle NTH Bit of Number - HTML
Document7 pages
C Program To Toggle NTH Bit of Number - HTML
akhi
Pas encore d'évaluation
WMB7 Publish Subscribe
Document25 pages
WMB7 Publish Subscribe
Tejaswini Bonde
Pas encore d'évaluation
Tips & Ticks Vol I
Document30 pages
Tips & Ticks Vol I
furnspace
100% (2)
Ajay Chidirala: Education
Document1 page
Ajay Chidirala: Education
CHIDIRALA AJAY
Pas encore d'évaluation
DocuPrint C2255
Document2 pages
DocuPrint C2255
sydeng
Pas encore d'évaluation
Manual Cargadores de Carros Golf
Document4 pages
Manual Cargadores de Carros Golf
Luis Carlos Perez
Pas encore d'évaluation
Identityserver 4
Document238 pages
Identityserver 4
Bharat Varshney
Pas encore d'évaluation
Enterprise Network Design and Implementation Using Cisco Packet Tracer
Document12 pages
Enterprise Network Design and Implementation Using Cisco Packet Tracer
gff
Pas encore d'évaluation
VHDL3 P 2 A
Document198 pages
VHDL3 P 2 A
Lộc Khang Phúc
Pas encore d'évaluation
Handy Unix Commands For A DBA
Document3 pages
Handy Unix Commands For A DBA
mdrajiv
Pas encore d'évaluation
Assembly Procedures
Document7 pages
Assembly Procedures
alex sanders
Pas encore d'évaluation
Netware 3.12 Install
Document20 pages
Netware 3.12 Install
Rio Ramaji
Pas encore d'évaluation
Er Diagrams
Document20 pages
Er Diagrams
Matthew Bloomfield
Pas encore d'évaluation
solidityCRUD pt2
Document7 pages
solidityCRUD pt2
Влад Коцюба
Pas encore d'évaluation
Bangood CS85 Alarme
Document19 pages
Bangood CS85 Alarme
carvalhomeister
0% (2)
Tle 6 Ictentrep Module 7
Document23 pages
Tle 6 Ictentrep Module 7
Be Motivated
Pas encore d'évaluation
Classical Waterfall Modal
Document6 pages
Classical Waterfall Modal
satyam patidar
Pas encore d'évaluation
3BSE079156-600 AC 800M 6.0 Burner Library Safety and User Manual PDF
Document184 pages
3BSE079156-600 AC 800M 6.0 Burner Library Safety and User Manual PDF
Gilberto Alejandro Tun Brito
100% (1)
As NZS 2485-1995 Medical Equipment - Single-Use Winged Intravenous Devices (Sterile) For General Medical Use
Document8 pages
As NZS 2485-1995 Medical Equipment - Single-Use Winged Intravenous Devices (Sterile) For General Medical Use
SAI Global - APAC
Pas encore d'évaluation
Process Maps
Document59 pages
Process Maps
Fabián Chacón
Pas encore d'évaluation
Ping, Tnsping
Document3 pages
Ping, Tnsping
Krzysztof Przedniczek
Pas encore d'évaluation
Lesson 1 - Uncovering The Mystery of Computers
Document5 pages
Lesson 1 - Uncovering The Mystery of Computers
Imie Omamalin Guisehan
Pas encore d'évaluation
NetBrain System Setup Guide Distributed Deployment
Document108 pages
NetBrain System Setup Guide Distributed Deployment
ajrob69_187428023
Pas encore d'évaluation
Filelist
Document35 pages
Filelist
Dionisie Damaschin
Pas encore d'évaluation