Android Mobile Application Pentesting - OWASP

Transcription

Android Mobile OWASP 29 April 2018

Who Am I?

Note to all audience: All material presented in this session is for educational purposes only. Any damage caused to an application or system is not the responsibility of the author. Peace out yoo!

Android Mobile Application Security Testing

Source:

OWASP Mobile top 10 Vulnerability

Application, Application framework, Native Libraries, Android Runtime, Linux Kernel

Taken from learning pentesting for android device

Android Application Package

It is just a zip file

Android Application Package

Taken from: Android Security: A Survey of Issues, Malware Penetration and Defenses

Taken from fileinfo.com

OWASP Mobile top 10 Vulnerability

The first step in Android mobile application penetration testing is to try to reverse engineer the application, because once you get the code you have already done half of the work.

With Apktool

With Dex2jar

With jdx-core

Where to get free APKs other than the Play Store?

Taken from APKpure.com

Improper Platform Usage

A good tool that every Android pentester must have

Taken from the McAfee blog. All rights reserved to the author.

Target:

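Improper Platform Usage

# adb shell am start -n com.xllusion.quicknote/.EditNote -e android.intent.extra.SUBJECT dumbass -e android.intent.extra.TEXT dumbass

Package name and the activity: com.xllusion.quicknote/.EditNote

Put the first string: -e android.intent.extra.SUBJECT dumbass

Put the second string: -e android.intent.extra.TEXT dumbass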

Insecure Data Storage

Target:

Insecure Communication

What do you need?

Thank You
