
E-book: Application Security for the Android Platform: Processes, Permissions, and Other Safeguards

3.43/5 (40 ratings by Goodreads)
  • Format: 114 pages
  • Publication date: 01-Dec-2011
  • Publisher: O'Reilly Media
  • Language: eng
  • ISBN-13: 9781449322274
  • Format - EPUB+DRM
  • Price: 12,39 €*
  • * this is the final price, i.e., no additional discounts are applied
  • This e-book is intended for personal use only. E-books cannot be returned, and money paid for purchased e-books is not refunded.

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Usage:

    Digital Rights Management (DRM)
    The publisher has supplied this book in encrypted form, which means that you need to install free software to unlock and read it. To read this e-book, you need to create an Adobe ID. The e-book can be read and downloaded on up to 6 devices (by a single user with the same Adobe ID).

    Required software
    To read this e-book on a mobile device (phone or tablet), you will need to install this free app: PocketBook Reader (iOS / Android)

    To download and read this e-book on a PC or Mac, you need Adobe Digital Editions (this is a free app designed specifically for e-books. It is not the same as Adobe Reader, which is probably already on your computer.)

    You cannot read this e-book using Amazon Kindle.

With the Android platform fast becoming a target of malicious hackers, application security is crucial. This concise book provides the knowledge you need to design and implement robust, rugged, and secure apps for any Android device. You’ll learn how to identify and manage the risks inherent in your design, and work to minimize a hacker’s opportunity to compromise your app and steal user data.

How is the Android platform structured to handle security? What services and tools are available to help you protect data? Up until now, no single resource has provided this vital information. With this guide, you’ll learn how to address real threats to your app, whether or not you have previous experience with security issues.

  • Examine Android’s architecture and security model, and how it isolates the filesystem and database
  • Learn how to use Android permissions and restricted system APIs
  • Explore Android component types, and learn how to secure communications in a multi-tier app
  • Use cryptographic tools to protect data stored on an Android device
  • Secure the data transmitted from the device to other parties, including the servers that interact with your app

Preface
1 Introduction
  • Application Security: Why You Should Care
  • The Current State of Mobile Application Security on Android
  • Security: Risk = Vulnerability + Threat + Consequences
  • Evolution of Information Security: Why Applications Matter the Most
  • Your Role: Protect the Data
  • Secure Software Development Techniques
  • Unique Characteristics of Android
  • Moving On
2 Android Architecture
  • Introduction to the Android Architecture
  • The Linux Security Model
  • The Resulting Android Security Model
  • Application Signing, Attribution, and Attestation
  • Process Design
  • Android Filesystem Isolation
  • Android Preferences and Database Isolation
  • Moving up the Layers to System API and Component Permissions
3 Application Permissions
  • Android Permission Basics
  • Using Restricted System APIs and the User Experience
  • Custom Permissions
4 Component Security and Permissions
  • The Types of Android Components
  • Intercomponent Signaling Using Intents
  • Public and Private Components
  • Imposing Restrictions on Access to Components
  • Securing Activities
  • Securing Services
  • Securing Content Providers
  • Securing Broadcast Intents
  • Putting It All Together: Securing Communications in a Multi-Tier App
5 Protecting Stored Data
  • The Threats and Vulnerabilities Against Stored Data
  • Vulnerabilities of Stored Data
  • Threats to, and Mitigations for, Stored Data
  • Protection Principles
  • Cryptography Primer: Encryption
  • Symmetric Encryption
  • Asymmetric Key Encryption
  • Cryptography Primer: Hashing
  • Cryptographic Practicalities
  • Computational Infeasibility
  • Algorithm Choice and Key Size
  • Cipher Operation Modes, Initialization Vectors, and Salt
  • Public Keys and Their Management
  • Key Derivation and Management
  • Motivation
  • Key Derivation
  • Encryption Without User-Supplied Key Derivation
  • Practical Cryptography: Applying a Technique Against a Threat
6 Securing Server Interactions
  • Confidentiality and Authentication
  • SSL/TLS: The Industry Standard
  • Authentication of the Entities
  • Encryption of Data
  • Protecting Data En Route to Public Services
  • Introducing the Android SSL/TLS Environment
  • Server Verification
  • Handling SSL/TLS Connection Errors
  • Protecting Data En Route to Private Services
  • Using Only Specific Certificates for SSL/TLS
  • One Step Further: Using Client-Side Authentication SSL/TLS
  • Threats Against Devices Using Data in Transit
  • Input Validation: The Central Tenant of Application Security
  • Reject-Known-Bad
  • Accept-Known-Good
  • Wrapping It Up: Input Validation
  • Preventing Command Injection
7 Summary
  • Key Themes
  • It's All About Risk
  • The Principle of Least Privilege
  • Use the Permissions System
  • Android Is an Open Architecture
  • Get the Cryptography Right
  • Never Trust User Input
  • Wrapping It Up
Jeff is a Systems Security Engineer at a major financial institution based in Baltimore, Maryland, where he works to secure customer and firm data. A major component of Jeff's job is working with developers to enhance the security of applications through education, code reviews, and deployment of modern application security techniques and frameworks. He also develops security-related applications, primarily using the Java EE platform. Prior to this position and a comparable one at another financial services firm, Jeff worked at the National Security Agency on similar application security projects and development efforts, focused on information assurance. He has also served as Adjunct Faculty at the University of Delaware since 2000, teaching a junior/senior-level course on object-oriented programming with Java for ten years, and has recently designed, and begun teaching, a course on Secure Software Design that is going into its second offering this fall.