Android Mobile Application Pentesting - owasp.org · suatu aplikasi sistem bukan merupakan tanggung...

Preview:

Click to see full reader

Citation preview

Android Mobile Application Pentesting

Williamswyohanes96@gmail.com

OWASP29 April 2018

Who Am I ?

Who Am I

Noted to all audience:

Semua materi yang diberikan dalam pertemuan hanya untuk tujuan pendidikan. Kerusakan yang terjadi pada suatu aplikasi sistem bukan merupakan tanggung jawab dari pengarang

Peace out yoo!

Android Mobile Application Security Testing

Source:

Source:

OWASP Mobile top 10 Vulnerability

Linux Kernel

Android Runtime

Native Libraries

Application framework

Application

Taken from learning pentesting for android device

Linux Kernel

Android Runtime

Native Libraries

Application framework

Application

Android Application Package

It is just a zip file

Android Application Package

Taken from: Android Security: A Survey of Issues, MalwarePenetration and Defenses

Android Application Package

Taken from: Android Security: A Survey of Issues, MalwarePenetration and Defenses

Android Application Package

Taken from: Android Security: A Survey of Issues, MalwarePenetration and Defenses

Taken from fileinfo.com

OWASP Mobile top 10 Vulnerability

OWASP Mobile top 10 Vulnerability

First step into android mobile application penetration testing is to try reverse engineer the application because once u get the code u already do half of the works

With APKTOOLS

With Dex2jar

With jdx-core

With jdx-core

Where to get Free apk other than play store?

Taken from APKpure.com

Improper Platform Usage

Improper Platform Usage

Improper Platform Usage

A Good Tools that every android pentester must have

Taken from mac afee blog. All right reserved to the author

Target:

Improper Platform Usage

Improper Platform Usage

Improper Platform Usage

~# adb shell am start -n com.xllusion.quicknote/.EditNote -e android.intent.extra.SUBJECT dumbass -e android.intent.extra.TEXT dumbass

Package name and the activity

Put the first string Put the second string

Improper Platform Usage

OWASP Mobile top 10 Vulnerability

Insecure Data Storage

Target:

Insecure Data Storage

Insecure Data Storage

Insecure Data Storage

Insecure Data Storage

Insecure Data Storage

OWASP Mobile top 10 Vulnerability

Insecure Communication

What do you need ?

Insecure Communication

Insecure Communication

Insecure Communication

Insecure Communication

Insecure Communication

Insecure Communication

Insecure Communication

Thank You

Recommended

Protecting Web Applications with ESAPI and AppSensor Manuel Lopez Arredondo manuel.lopez@owasp.org
Documents
APPLICATION DEVELOPMENT SECURE CODING WORKSHOP JIM MANICO VP, Security Architecture jim@owasp.org jim.manico@whitehatsec.com MARCH 2013
Documents
PENGARANG, KARYA SASTRA DAN PEMBACA
Documents
Joey Peloquin Director, professional services - owasp.org · PDF file/User/Library/Keyboard/ analyze5keyboard5cache5 /User/Library/Caches/com.apple.UIKit.pboard/pasteboardDB5 convertto5XML5to5analyze5pasteboard5cache5
Documents
OWASP Hackademic · OWASP Hackademic: A practical environment for teaching application security! Dr Konstantinos Papapanagiotou! konstantinos@owasp.org! @kpapapan!!
Documents
Protecting Web Applications with ESAPI and AppSensor Manuel Lopez Arredondo manuel.lopez@owasp.org
Documents
Android development, Android
Mobile
PEREMPUAN PENGARANG TAHUN 2000-AN KARYA NOVEL …
Documents
Android Training Ahmedabad , Android Course Ahmedabad, Android architecture
Education
Software Assurance Maturity Model Pravir Chandra OpenSAMM Project Lead chandra@owasp.org
Documents
Android Lollipop - Material Design - inovex...Android Lollipop - Material Design Author Tim Roes Subject Android Lollipop, Android 5.0, Material Design Keywords android lollipop, android
Documents
pustakapertanianub.staff.ub.ac.idpustakapertanianub.staff.ub.ac.id/.../04/Katalog-AZ-HPT.docx · Web viewNO. JUDUL. PENGARANG. TAHUN. JML. KET. 01. The Insecture and Function. R.F
Documents
1 Android QRG v3 - Optus · 2020-07-24 · 1 Android QRG v3. 2 Android QRG v3. 3 Android QRG v3. 4 Android QRG v3. 5 Android QRG v3. 6 Android QRG v3. 7 Android QRG v3. 8 Android
Documents
The OWASP Foundation Why hackers don’t care about your firewall Seba Deleersnyder seba@owasp.org
Documents
REKAYASA PERANGKAT LUNAKfile.upi.edu/Direktori/FPMIPA/JUR._PEND._FISIKA...••Buku Acuan:: Software Engineering:Software Engineering:A Practitioner's A Practitioner's Approach Pengarang
Documents
Looking Forward… and Beyond Distinctiveness Through Security Excellence Ludovic Petit Ludovic.Petit@owasp.org Chapter Leader OWASP France Global Connections
Documents
Genaker PTT Android Client · The Genaker PTT application client is compatible with handsets running Android 4.4, Android 4.4.x, Android 5.0, Android 5.0.1, Android 5.1, and Android
Documents
Introduction to Android | Android Tutorials | Android Blog - SearchforSolut
Documents
jurnal PRODUKTIVITI - ilmuonline.mpc.gov.myilmuonline.mpc.gov.my/elmu-cis/document/JurnalProduktiviti/JUN92.pdf · Pengarang Sujaidi Dasuki Sidang Pengarang Isa Abu Bakar Muhamad
Documents
The OWASP Foundation OWASP Belgium Chapter OWASP Update 6-Jun-2013 Seba Deleersnyder BE Board seba@owasp.org
Documents