Abstract
Students will set up an environment that makes it easy to test Android apps for common security flaws such as insecure data transmission, insecure file storage, and data exposure in logs and memory dumps.
We will use Android Studio, Burp, VirtualBox, Genymotion, and the Google Play Store. Students need to have laptops. Macs and Linux machines work best, but Windows can also be used.
Reference Book
"Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1st edition (July 9, 2013), ISBN-10: 0071817018
Buy from Amazon
Presentation
Android Security Auditing (pptx)
Android and iOS Vulnerabilities Research
3CS Instructions
1. Genymotion and Google Play
2. Observing the TD Ameritrade Log
3. Mayo Clinic Medical Transport App Hardcoded Password Exposure
4. Making a Signed App with Android Studio
5. Trojaning the Charles Schwab App
6. Configure Genymotion & Burp Prep for Auditing SSL Traffic
7. Maine EMS App Plaintext Data Transmission
8. GenieMD Broken SSL
Project 2: SSL Auditing Proxy
Making an SSL Auditing Proxy with a Mac, Burp, and pf
Comparing Secure and Insecure iOS Apps (not public yet)
More Projects
Old Stuff
Project 1: Complete Android Auditing System
Do One of These
Ubuntu Prep for Android Security Auditing
Mac or Windows Prep for Android Security Auditing
Do Both of These
Making a Signed App with Android Studio
Genymotion and Google Play for Android Security Audits
Fun & Games
Observing the TD Ameritrade Log
Ameritrade APK file
Maine EMS Apps Plaintext Data Transmission
Mayo Clinic Medical Transport App Hardcoded Password Exposure
Download Mayo Clinic APK
Wolf Apps LLC Security Problems
Trojaning the Charles Schwab App