Mobile application security, Himanshu Dwivedi, Chris Clark, David Thiel
Type
Label
Mobile application security, Himanshu Dwivedi, Chris Clark, David Thiel
Language
eng
Bibliography note
Includes bibliographical references and index
Illustrations
illustrations
Index
index present
Literary Form
non fiction
Main title
Mobile application security
Nature of contents
bibliographydictionaries
Oclc number
1593356387
Responsibility statement
Himanshu Dwivedi, Chris Clark, David Thiel
Summary
"Implement a systematic approach to security in your mobile application development with help from this practical guide. Featuring case studies, code examples, and best practices, Mobile Application Security details how to protect against vulnerabilities in the latest smartphone and PDA platforms. Maximize isolation, lockdown internal and removable storage, work with sandboxing and signing, and encrypt sensitive user information. Safeguards against viruses, worms, malware, and buffer overflow exploits are also covered in this comprehensive resource"--Resource description page
Table Of Contents
Cover Page -- Mobile Application Security -- Copyright Page -- About the Authors -- Dedication -- Contents -- Acknowledgments -- Introduction -- Part I Mobile Platforms -- Chapter 1 Top Mobile Issues and Development Strategies -- Top Issues Facing Mobile Devices -- Physical Security -- Secure Data Storage (on Disk) -- Strong Authentication with Poor Keyboards -- Multiple-User Support with Security -- Safe Browsing Environment -- Secure Operating Systems -- Application Isolation -- Information Disclosure -- Virus, Worms, Trojans, Spyware, and Malware -- Difficult Patching/Update ProcessStrict Use and Enforcement of SSL -- Phishing -- Cross-Site Request Forgery (CSRF) -- Location Privacy/Security -- Insecure Device Drivers -- Multifactor Authentication -- Tips for Secure Mobile Application Development -- Leverage TLS/SSL -- Follow Secure Programming Practices -- Validate Input -- Leverage the Permissions Model Used by the OS -- Use the Least Privilege Model for System Access -- Store Sensitive Information Properly -- Sign the Application's Code -- Figure Out a Secure and Strong Update Process -- Understand the Mobile Browser's Security Strengths and LimitationsZero Out the Nonthreats -- Use Secure/Intuitive Mobile URLs -- Conclusion -- Chapter 2 Android Security -- Development and Debugging on Android -- Android's Securable IPC Mechanisms -- Activities -- Broadcasts -- Services -- ContentProviders -- Binder -- Android's Security Model -- Android Permissions Review -- Creating New Manifest Permissions -- Intents -- Intent Review -- IntentFilters -- Activities -- Broadcasts -- Receiving Broadcast Intents -- Safely Sending Broadcast Intents -- Sticky Broadcasts -- Services -- ContentProviders -- Avoiding SQL Injection -- Intent ReflectionFiles and Preferences -- Mass Storage -- Binder Interfaces -- Security by Caller Permission or Identity Checking -- Binder Reference Security -- Android Security Tools -- Manifest Explorer -- Package Play -- Intent Sniffer -- Intent Fuzzer -- Conclusion -- Chapter 3 The Apple iPhone -- History -- The iPhone and OS X -- Breaking Out, Breaking In -- iPhone SDK -- Future -- Development -- Decompilation and Disassembly -- Preventing Reverse-Engineering -- Security Testing -- Buffer Overflows -- Integer Overflows -- Format String Attacks -- Double-Frees -- Static Analysis -- Application FormatBuild and Packaging -- Distribution: The Apple Store -- Code Signing -- Executing Unsigned Code -- Permissions and User Controls -- Sandboxing -- Exploit Mitigation -- Permissions -- Local Data Storage: Files, Permissions, and Encryption -- SQLite Storage -- iPhone Keychain Storage -- Shared Keychain Storage -- Adding Certificates to the Certificate Store -- Acquiring Entropy -- Networking -- The URL Loading API -- NSStreams -- Peer to Peer (P2P) -- Push Notifications, Copy/Paste, and Other IPC -- Push Notifications -- UIPasteboard -- Conclusion -- Chapter 4 Windows Mobile Security