Atjaunināt sīkdatņu piekrišanu

E-grāmata: Android Security: Attacks and Defenses

3.11/5 (35 ratings by Goodreads)
(Cisco Systems, Inc., San Jose, California, USA),
  • Formāts: 280 pages
  • Izdošanas datums: 19-Apr-2016
  • Izdevniecība: Taylor & Francis Inc
  • Valoda: eng
  • ISBN-13: 9781439896471
Citas grāmatas par šo tēmu:
  • Formāts - PDF+DRM
  • Cena: 72,63 €*
  • * ši ir gala cena, t.i., netiek piemērotas nekādas papildus atlaides
  • Ielikt grozā
  • Pievienot vēlmju sarakstam
  • Šī e-grāmata paredzēta tikai personīgai lietošanai. E-grāmatas nav iespējams atgriezt un nauda par iegādātajām e-grāmatām netiek atmaksāta.
Android Security: Attacks and DefensesPalielināt
  • Formāts: 280 pages
  • Izdošanas datums: 19-Apr-2016
  • Izdevniecība: Taylor & Francis Inc
  • Valoda: eng
  • ISBN-13: 9781439896471
Citas grāmatas par šo tēmu:

DRM restrictions

  • Kopēšana (kopēt/ievietot):

    nav atļauts

  • Drukāšana:

    nav atļauts

  • Lietošana:

    Digitālo tiesību pārvaldība (Digital Rights Management (DRM))
    Izdevējs ir piegādājis šo grāmatu šifrētā veidā, kas nozīmē, ka jums ir jāinstalē bezmaksas programmatūra, lai to atbloķētu un lasītu. Lai lasītu šo e-grāmatu, jums ir jāizveido Adobe ID. Vairāk informācijas šeit. E-grāmatu var lasīt un lejupielādēt līdz 6 ierīcēm (vienam lietotājam ar vienu un to pašu Adobe ID).

    Nepieciešamā programmatūra
    Lai lasītu šo e-grāmatu mobilajā ierīcē (tālrunī vai planšetdatorā), jums būs jāinstalē šī bezmaksas lietotne: PocketBook Reader (iOS / Android)

    Lai lejupielādētu un lasītu šo e-grāmatu datorā vai Mac datorā, jums ir nepieciešamid Adobe Digital Editions (šī ir bezmaksas lietotne, kas īpaši izstrādāta e-grāmatām. Tā nav tas pats, kas Adobe Reader, kas, iespējams, jau ir jūsu datorā.)

    Jūs nevarat lasīt šo e-grāmatu, izmantojot Amazon Kindle.

Android Security: Attacks and Defenses is for anyone interested in learning about the strengths and weaknesses of the Android platform from a security perspective. Starting with an introduction to Android OS architecture and application programming, it will help readers get up to speed on the basics of the Android platform and its security issues.

Explaining the Android security model and architecture, the book describes Android permissions, including Manifest permissions, to help readers analyze applications and understand permission requirements. It also rates the Android permissions based on security implications and covers JEB Decompiler.

The authors describe how to write Android bots in JAVA and how to use reversing tools to decompile any Android application. They also cover the Android file system, including import directories and files, so readers can perform basic forensic analysis on file system and SD cards. The book includes access to a wealth of resources on its website: www.androidinsecurity.com. It explains how to crack SecureApp.apk discussed in the text and also makes the application available on its site.

The book includes coverage of advanced topics such as reverse engineering and forensics, mobile device pen-testing methodology, malware analysis, secure coding, and hardening guidelines for Android. It also explains how to analyze security implications for Android mobile devices/applications and incorporate them into enterprise SDLC processes.

The books site includes a resource section where readers can access downloads for applications, tools created by users, and sample applications created by the authors under the Resource section. Readers can easily download the files and use them in conjunction with the text, wherever needed. Visit www.androidinsecurity.com for more information.

Recenzijas

... a must-have for security architects and consultants as well as enterprise security managers who are working with mobile devices and applications. -Dr. Dena Haritos Tsamitis, Director of the Information Networking Institute; and Director of Education, CyLab, Carnegie Mellon University If you are facing the complex challenge of securing data and applications for Android, this book provides valuable insight into the security architecture and practical guidance for safeguarding this modern platform. -Gerhard Eschelbeck, Chief Technology Officer and Senior Vice President, Sophos ... a great introduction to Android security, both from a platform and applications standpoint. ... provides the groundwork for anybody interested in mobile malware analysis ... a great starting point for anybody interested in cracking the nitty-gritty of most Android apps. -Nicholas Falliere, Founder of JEB Decompiler ... Dubey and Misra have filled a critical gap in software security literature by providing a unique and holistic approach to addressing this critical and often misunderstood topic. They have captured the essential threats and countermeasures that are necessary to understand and effectively implement secure Android-driven mobile environments. -James Ransome, Senior Director of Product Security, McAfee, An Intel Company Good book for Android security enthusiasts and developers that also covers advanced topics like reverse engineering of Android applications. A must have book for all security professionals. -Sanjay Kartkar, Cofounder of Quick Heal Technologies ... an excellent book for professional businesses that are trying to move their corporate applications on mobile/Android platforms. It helped me understand the threats foreseen in Android applications and how to protect against them. -Jagmeet Malhotra, Vice President of Markets & International Banking, Royal Bank of Scotland The book gives security professionals and executives a practical guide to the security implications and best practices for deploying Android platforms and applications in the (corporate) environment. -Steve Martino, VP Information Security, Cisco

Dedication v
Foreword xiii
Preface xv
About the Authors xvii
Acknowledgments xix
Chapter 1 Introduction
1(16)
1.1 Why Android
1(4)
1.2 Evolution of Mobile Threats
5(6)
1.3 Android Overview
11(2)
1.4 Android Marketplaces
13(2)
1.5 Summary
15(2)
Chapter 2 Android Architecture
17(30)
2.1 Android Architecture Overview
17(11)
2.1.1 Linux Kernel
18(7)
2.1.2 Libraries
25(1)
2.1.3 Android Runtime
26(1)
2.1.4 Application Framework
26(1)
2.1.5 Applications
27(1)
2.2 Android Start Up and Zygote
28(1)
2.3 Android SDK and Tools
28(11)
2.3.1 Downloading and Installing the Android SDK
29(2)
2.3.2 Developing with Eclipse and ADT
31(1)
2.3.3 Android Tools
31(3)
2.3.4 DDMS
34(1)
2.3.5 ADB
35(1)
2.3.6 ProGuard
35(4)
2.4 Anatomy of the "Hello World" Application
39(4)
2.4.1 Understanding Hello World
39(4)
2.5 Summary
43(4)
Chapter 3 Android Application Architecture
47(24)
3.1 Application Components
47(14)
3.1.1 Activities
48(3)
3.1.2 Intents
51(6)
3.1.3 Broadcast Receivers
57(1)
3.1.4 Services
58(2)
3.1.5 Content Providers
60(1)
3.2 Activity Lifecycles
61(9)
3.3 Summary
70(1)
Chapter 4 Android (in)Security
71(26)
4.1 Android Security Model
71(1)
4.2 Permission Enforcement-Linux
72(3)
4.3 Android's Manifest Permissions
75(11)
4.3.1 Requesting Permissions
76(3)
4.3.2 Putting It All Together
79(7)
4.4 Mobile Security Issues
86(2)
4.4.1 Device
86(1)
4.4.2 Patching
86(1)
4.4.3 External Storage
87(1)
4.4.4 Keyboards
87(1)
4.4.5 Data Privacy
87(1)
4.4.6 Application Security
87(1)
4.4.7 Legacy Code
88(1)
4.5 Recent Android Attacks-A Walkthrough
88(5)
4.5.1 Analysis of DroidDream Variant
88(2)
4.5.2 Analysis of Zsone
90(1)
4.5.3 Analysis of Zitmo Trojan
91(2)
4.6 Summary
93(4)
Chapter 5 Pen Testing Android
97(22)
5.1 Penetration Testing Methodology
97(3)
5.1.1 External Penetration Test
98(1)
5.1.2 Internal Penetration Test
98(1)
5.1.3 Penetration Test Methodologies
99(1)
5.1.4 Static Analysis
99(1)
5.1.5 Steps to Pen Test Android OS and Devices
100(1)
5.2 Tools for Penetration Testing Android
100(6)
5.2.1 Nmap
100(1)
5.2.2 BusyBox
101(2)
5.2.3 Wireshark
103(1)
5.2.4 Vulnerabilities in the Android OS
103(3)
5.3 Penetration Testing-Android Applications
106(11)
5.3.1 Android Applications
106(7)
5.3.2 Application Security
113(4)
5.4 Miscellaneous Issues
117(1)
5.5 Summary
118(1)
Chapter 6 Reverse Engineering Android Applications
119(28)
6.1 Introduction
119(2)
6.2 What is Malware?
121(1)
6.3 Identifying Android Malware
122(1)
6.4 Reverse Engineering Methodology for Android Applications
123(21)
6.5 Summary
144(3)
Chapter 7 Modifying the Behavior of Android Applications without Source Code
147(22)
7.1 Introduction
147(1)
7.1.1 To Add Malicious Behavior
148(1)
7.1.2 To Eliminate Malicious Behavior
148(1)
7.1.3 To Bypass Intended Functionality
148(1)
7.2 DEX File Format
148(2)
7.3 Case Study: Modifying the Behavior of an Application
150(11)
7.4 Real World Example 1-Google Wallet Vulnerability
161(1)
7.5 Real World Example 2-Skype Vulnerability (CVE-2011-1717)
162(1)
7.6 Defensive Strategies
163(5)
7.6.1 Perform Code Obfuscation
163(4)
7.6.2 Perform Server Side Processing
167(1)
7.6.3 Perform Iterative Hashing and Use Salt
167(1)
7.6.4 Choose the Right Location for Sensitive Information
167(1)
7.6.5 Cryptography
168(1)
7.6.6 Conclusion
168(1)
7.7 Summary
168(1)
Chapter 8 Hacking Android
169(24)
8.1 Introduction
169(1)
8.2 Android File System
170(3)
8.2.1 Mount Points
170(1)
8.2.2 File Systems
170(1)
8.2.3 Directory Structure
170(3)
8.3 Android Application Data
173(5)
8.3.1 Storage Options
173(3)
8.3.2 /data/data
176(2)
8.4 Rooting Android Devices
178(3)
8.5 Imaging Android
181(2)
8.6 Accessing Application Databases
183(4)
8.7 Extracting Data from Android Devices
187(1)
8.8 Summary
187(6)
Chapter 9 Securing Android for the Enterprise Environment
193(20)
9.1 Android in Enterprise
193(6)
9.1.1 Security Concerns for Android in Enterprise
193(4)
9.1.2 End-User Awareness
197(1)
9.1.3 Compliance/Audit Considerations
197(1)
9.1.4 Recommended Security Practices for Mobile Devices
198(1)
9.2 Hardening Android
199(12)
9.2.1 Deploying Android Securely
199(9)
9.2.2 Device Administration
208(3)
9.3 Summary
211(2)
Chapter 10 Browser Security and Future Threat Landscape
213(10)
10.1 Mobile HTML Security
213(5)
10.1.1 Cross-Site Scripting
216(1)
10.1.2 SQL Injection
217(1)
10.1.3 Cross-Site Request Forgery
217(1)
10.1.4 Phishing
217(1)
10.2 Mobile Browser Security
218(2)
10.2.1 Browser Vulnerabilities
218(2)
10.3 The Future Landscape
220(2)
10.3.1 The Phone as a Spying/Tracking Device
220(1)
10.3.2 Controlling Corporate Networks and Other Devices through Mobile Devices
221(1)
10.3.3 Mobile Wallets and NFC
221(1)
10.4 Summary
222(1)
Appendix A
223(10)
Appendix B
233(6)
B.1 Views
233(2)
B.2 Code Views
235(1)
B.3 Keyboard Shortcuts
236(1)
B.4 Options
236(3)
Appendix C
239(2)
Glossary 241(10)
Index 251
Anmol Misra is a contributing author of the book Defending the Cloud: Waging War in Cyberspace (Infinity Publishing, December 2011). His expertise includes mobile and application security, vulnerability management, application and infrastructure security assessments, and security code reviews.

He is currently Program Manager of the Critical Business Security External (CBSE) team at Cisco. The CBSE team is part of the Information Security Team (InfoSec) at Cisco and is responsible for the security of Ciscos Cloud Hosted Services. Prior to joining Cisco, Anmol was a Senior Consultant with Ernst & Young LLP. In his role, he advised Fortune 500 clients on defining and improving Information Security programs and practices. He helped large corporations to reduce IT security risk and achieve regulatory compliance by improving their security posture.

Anmol holds a masters degree in Information Networking from Carnegie Mellon University. He also holds a Bachelor of Engineering degree in Computer Engineering. He served as Vice President of Alumni Relations for the Bay Area chapter of the Carnegie Mellon Alumni Association.In his free time, Anmol enjoys long walks on the beaches of San Francisco. He is a voracious reader of nonfiction booksespecially, history and economicsand is an aspiring photographer. Abhishek Dubey has a wide variety of experience in information security, including reverse engineering, malware analysis, and vulnerability detection. He is currently working as a Lead/Senior Engineer of the Security Services and Cloud Operations team at Cisco. Prior to joining Cisco, Abhishek was Senior Researcher in the Advanced Threat Research Group at Webroot Software.

Abhishek holds a masters degree in Information Security and Technology Management from Carnegie Mellon University and also holds a B.Tech degree in Computer Science and Engineering. He is currently pursuing studies in
Biežāk uzdotie jautājumi par e-grāmatām Biežāk uzdotie jautājumi par e-grāmatām
Permanent link: https://www.kriso.lv/db/97814398964712e.html
Keywords: