Android Penetration Testing
Android Application Development Process
Android Application Components
Setting Up a Testing Lab
Santoku OS
https://santoku-linux.com
VirtualBox
Genymotion
Android Debug Bridge
Android Startup Process
Unzipping Archive
Reversing (decompiling) Android Application
Dex File
DEX file Structure
Hex Dump – cannot be analyzed directly, so use Dexdump or 010 Editor
JD-GUI
OWASP MOBILE TOP 10
Analyzing Traffic
Passive and Active
Damn Insecure and Vulnerable Application (DIVA)
- INSECURE LOGGING
- HARDCODING ISSUES
- INSECURE DATA STORAGE
- DATABASE INSECURE STORAGE
- TEMPORARY FILE STORAGE
- EXTERNAL INSECURE DATA STORAGE
- SQL INJECTION
- ABUSING WEB VIEW
- ACCESS CONTROL ISSUES
- AUTHENTICATION BASED ACCESS CONTROL ISSUES
- LEAKING CONTENT PROVIDER
- HARDCODING ISSUES JNI