The Mobile Application Hacker's Handbook is a comprehensive guide to securing all mobile applications by approaching the issue from a hacker's point of view. Heavily practical, this book provides expert guidance toward discovering and exploiting flaws in mobile applications on the iOS, Android, Blackberry and Windows Phone platforms. You will learn a proven methodology for approaching mobile application assessments and the techniques used to prevent, disrupt and remediate the various types of attacks. Coverage includes data storage, cryptography, transport layers, data leakage, injection attacks, runtime manipulation, security controls and cross-platform apps, with vulnerabilities highlighted and detailed information on the methods hackers use to get around standard security.
Chapter 1 Mobile Application (In) security
Chapter 2 Analyzing iOS Applications
Chapter 3 Attacking iOS Applications
Chapter 4 Identifying iOS Implementation Insecurities
Chapter 5 Writing Secure iOS Applications
Chapter 6 Analyzing Android Applications
Chapter 7 Attacking Android Applications
Chapter 8 Identifying and Exploiting Android Implementation Issues
Chapter 9 Writing Secure Android Applications
Chapter 10 Analyzing Windows Phone Applications
Chapter 11 Attacking Windows Phone Applications
Chapter 12 Identifying Windows Phone Implementation Issues
Chapter 13 Writing Secure Windows Phone Applications
Chapter 14 Analyzing BlackBerry Applications
Chapter 15 Attacking BlackBerry Applications
Chapter 16 Identifying BlackBerry Application Issues
Chapter 17 Writing Secure BlackBerry Applications
Chapter 18 Cross Platform Mobile Applications
Primary audience: Security professionals, penetration testers and developers, hackers
Secondary audience: IT security managers
The ideal reader for this book would be a security professional such as a penetration tester, who's been tasked with the job of assessing the security of a mobile application.
Dominic Chell is a director of MDSec and a recognized expert in mobile security delivering training on mobile to leading global organizations in the financial, government and retail sectors. Additionally, Dominic aided in the development of a secure iOS development examination, for which he is also listed as a subject matter expert.
Tyrone Erasmus isHead of Mobile Practice at MWR InfoSecurity SA and is best known for his work on Android security. He is an international conference speaker, hacking tool author and Mobile Pwn2Own winner and author of the drozer framework for detecting Android vulnerabilities.
Jonathan Lindsay is a security consultant. Originally a malware reverse engineer, he switched to breaking software for a variety of companies as a consultant and then moved on to work within the internal security team for Research in Motion (RIM).
Shaun Colley is a security consultant and researcher at MDSec specializing in mobile security and reverse engineering. Shaun played an integral part in the Windows 8 security review during which he carried out several months of code review and fuzzing before the operating system's official release.
Ollie Whitehouse serves as Security Architect at Symantec Research Labs specializing in wireless security and serves as Manager of Security Research and Assessment, EMEA, Research in Motion (SOURCE Barcelona).