Mobile application security
"Implement a systematic approach to security in your mobile application development with help from this practical guide. Featuring case studies, code examples, and best practices, Mobile Application Security details how to protect against vulnerabilities in the latest smartphone and PDA platfor...
| Main Author: | |
|---|---|
| Other Authors: | , |
| Format: | eBook |
| Language: | English |
| Published: |
New York
McGraw-Hill
2010
|
| Subjects: | |
| Online Access: | |
| Collection: | O'Reilly - Collection details see MPG.ReNa |
Table of Contents:
- Cover Page
- Mobile Application Security
- Copyright Page
- About the Authors
- Dedication
- Contents
- Acknowledgments
- Introduction
- Part I Mobile Platforms
- Chapter 1 Top Mobile Issues and Development Strategies
- Top Issues Facing Mobile Devices
- Physical Security
- Secure Data Storage (on Disk)
- Strong Authentication with Poor Keyboards
- Multiple-User Support with Security
- Safe Browsing Environment
- Secure Operating Systems
- Application Isolation
- Information Disclosure
- Virus, Worms, Trojans, Spyware, and Malware
- Difficult Patching/Update Process
- Includes bibliographical references and index
- Build and Packaging
- Distribution: The Apple Store
- Code Signing
- Executing Unsigned Code
- Permissions and User Controls
- Sandboxing
- Exploit Mitigation
- Permissions
- Local Data Storage: Files, Permissions, and Encryption
- SQLite Storage
- iPhone Keychain Storage
- Shared Keychain Storage
- Adding Certificates to the Certificate Store
- Acquiring Entropy
- Networking
- The URL Loading API
- NSStreams
- Peer to Peer (P2P)
- Push Notifications, Copy/Paste, and Other IPC
- Push Notifications
- UIPasteboard
- Conclusion
- Chapter 4 Windows Mobile Security
- Zero Out the Nonthreats
- Use Secure/Intuitive Mobile URLs
- Conclusion
- Chapter 2 Android Security
- Development and Debugging on Android
- Android's Securable IPC Mechanisms
- Activities
- Broadcasts
- Services
- ContentProviders
- Binder
- Android's Security Model
- Android Permissions Review
- Creating New Manifest Permissions
- Intents
- Intent Review
- IntentFilters
- Activities
- Broadcasts
- Receiving Broadcast Intents
- Safely Sending Broadcast Intents
- Sticky Broadcasts
- Services
- ContentProviders
- Avoiding SQL Injection
- Intent Reflection
- Files and Preferences
- Mass Storage
- Binder Interfaces
- Security by Caller Permission or Identity Checking
- Binder Reference Security
- Android Security Tools
- Manifest Explorer
- Package Play
- Intent Sniffer
- Intent Fuzzer
- Conclusion
- Chapter 3 The Apple iPhone
- History
- The iPhone and OS X
- Breaking Out, Breaking In
- iPhone SDK
- Future
- Development
- Decompilation and Disassembly
- Preventing Reverse-Engineering
- Security Testing
- Buffer Overflows
- Integer Overflows
- Format String Attacks
- Double-Frees
- Static Analysis
- Application Format
- Strict Use and Enforcement of SSL
- Phishing
- Cross-Site Request Forgery (CSRF)
- Location Privacy/Security
- Insecure Device Drivers
- Multifactor Authentication
- Tips for Secure Mobile Application Development
- Leverage TLS/SSL
- Follow Secure Programming Practices
- Validate Input
- Leverage the Permissions Model Used by the OS
- Use the Least Privilege Model for System Access
- Store Sensitive Information Properly
- Sign the Application's Code
- Figure Out a Secure and Strong Update Process
- Understand the Mobile Browser's Security Strengths and Limitations