Mobile Application Penetration Testing - Android

UtpalSwain2 210 views 18 slides Jul 11, 2024

About This Presentation

The slides are related to Android application penetration testing.


Slide Content

Mobile Application Security Testing Android Applications

AGENDA

Introduction
Purpose of a penetration test
Goal of a penetration test

Android Penetration Testing

Android Penetration Testing is to identify security flaws in an application specially developed for mobile users, i.e., Android mobile users.

Android is a mobile operating system based on a modified version of the Linux kernel and other open-source software, designed primarily for touchscreen mobile devices such as smartphones and tablets.

Mobile App PT Methodology

Android Architecture

Android Compilation

Android Application Build Process

Android Components

There are some necessary building blocks that an Android application consists of. These loosely coupled components are bound by the application manifest file, which contains the description of each component and how they interact.

Android Additional Components

Intents, Widgets, Notifications, Manifest, Fragment, View, Layout, Resources

APK

APK stands for Android Package Kit, also known as Android Application Package. An APK is a zip (archive) file that contains assembled Java code, resources, and metadata about them. It contains program code such as dex files (.dex), resources (.arsc), certificates, and the manifest file. Below is the list of prominent files and folders:

META-INF/
assets/
AndroidManifest.xml
lib/
res/
classes.dex
resources.arsc
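Because an APK is a zip archive, the files and folders listed above can be inventoried before any decompiler is run. The following is an added example, not part of the original slides: the function names and the sample archive are constructed for illustration, and the sample contains only dummy entries.

```python
import io
import zipfile
from collections import defaultdict

def inventory_apk(apk):
    """Group the zip entries of an APK (path or file object) by the items listed on the slide."""
    report = defaultdict(list)
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            if name == "AndroidManifest.xml":
                report["manifest"].append(name)
            elif name == "resources.arsc":
                report["resource_table"].append(name)
            elif "/" not in name and name.startswith("classes") and name.endswith(".dex"):
                report["dex"].append(name)  # classes.dex, classes2.dex, ...
            elif name.startswith("META-INF/") and name.upper().endswith((".RSA", ".DSA", ".EC")):
                report["signature_blocks"].append(name)  # JAR-style (v1) signature
            elif name.startswith("lib/") and name.count("/") >= 2:
                report["native_abis"].append(name.split("/")[1])
            elif name.startswith(("res/", "assets/", "META-INF/")):
                report[name.split("/")[0] + "_files"].append(name)
            else:
                report["other"].append(name)
    report["native_abis"] = sorted(set(report["native_abis"]))
    return dict(report)

def review_notes(report):
    """Turn the inventory into notes a tester would record before static analysis."""
    notes = []
    if not report.get("manifest"):
        notes.append("AndroidManifest.xml missing: not a valid APK")
    if len(report.get("dex", [])) > 1:
        notes.append("multidex: decompile every classes*.dex, not only classes.dex")
    if not report.get("signature_blocks"):
        notes.append("no v1 signature file in META-INF/: unsigned, or signed with v2+ only")
    if report["native_abis"]:
        notes.append("native code present for: " + ", ".join(report["native_abis"]))
    return notes

def build_sample_apk():
    """Constructed sample: a zip with APK-like entry names and dummy contents."""
    names = ["AndroidManifest.xml", "classes.dex", "classes2.dex", "resources.arsc",
             "META-INF/MANIFEST.MF", "META-INF/CERT.SF", "META-INF/CERT.RSA",
             "res/layout/main.xml", "assets/config.json",
             "lib/arm64-v8a/libnative.so", "lib/x86_64/libnative.so"]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"dummy")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for note in review_notes(inventory_apk(build_sample_apk())):
        print(note)
```

Pass a real file path to inventory_apk() in place of the constructed sample to review an application under test.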

Tools Used in APT

ADB, Apktool, d2j-dex2jar, JD-GUI, JADX, MobSF, Objection, Drozer

Dynamic Analysis

Tools used:
ADB (https://developer.android.com/tools/adb)
BurpSuite (https://portswigger.net/burp/communitydownload)
Genymotion (https://www.genymotion.com/download/)

Android Debug Bridge

Android Debug Bridge (adb) is a versatile command-line tool that lets you communicate with a device. The adb command facilitates a variety of device actions, such as installing and debugging apps. adb provides access to a Unix shell that you can use to run a variety of commands on a device.

Installation:
$ apt install adb

Use case:
Connect Device
Get Shell
Push Files
Pull Files
Install Application

APK Tool, Dex2Jar, JADX

APK Tool
# apt install apktool
# apktool d <apkfile.apk>

Dex2jar & JD-GUI
# apt install dex2jar
# apt install jd-gui

JADX
# apt install jadx

Mobile Security Framework (MobSF)

Mobile Security Framework (MobSF) is an automated mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Mobile Security Framework (MobSF)

OWASP Mobile Top 10

THANK YOU