manifestsecurity.com
Android Application Security Part 6-Let the Fun Begin – Aditya Agrawal
https://manifestsecurity.com/android-application-security-part-6-2
Security Researcher. RailFan. Foodie. October 13, 2015. Android Application Security Part 6-Let the Fun Begin. In the upcoming post I will explain the various Top 10 Mobile Risks 2014 according to OWASP.org while attacking a vulnerable Android application. I will be using the FourGoats app of the OWASP GoatDroid Project, which is a vulnerable location-based social network app, and also the HerdFinancial app of the OWASP GoatDroid Project. Getting Started with GoatDroid Project is already there on their Project. Tap on Desti...
manifestsecurity.com
Appie – Android Pentesting Portable Integrated Environment – Aditya Agrawal
https://manifestsecurity.com/appie
Security Researcher. RailFan. Foodie. Appie – Android Pentesting Portable Integrated Environment. Appie is a software package that has been pre-configured to function as an Android Pentesting Environment on any Windows-based machine without the need for a Virtual Machine (VM) or dual boot. It is completely portable and can be carried on a USB stick or your smartphone. Why Appie Was Created? Difference between Appie and Existing Environments. Tools Included in Appie. What they are saying. Why Appie was created?
manifestsecurity.com
Appie New Release – Update Instructions Included – Aditya Agrawal
https://manifestsecurity.com/appie-release
Security Researcher. RailFan. Foodie. Appie New Release – Update Instructions Included. First of all I would like to thank everyone for their support in making Appie a huge success. It is only one month after releasing Appie and I have received an awesome response from the users. Within one month there are about 2250 downloads of Appie, which is the highest for any existing alternative to Appie. See here. About Appie journey till now. Below are the tools which are included in Appie in this release. – This w...
manifestsecurity.com
Android Application Security Part 7-Understanding AndroidManifest.xml File – Aditya Agrawal
https://manifestsecurity.com/android-application-security-part-7
Security Researcher. RailFan. Foodie. October 13, 2015. Android Application Security Part 7-Understanding AndroidManifest.xml File. AndroidManifest.xml is a very important part of an APK file, especially where security is concerned. Every service, ContentProvider, activity and Broadcast Receiver needs to be mentioned in the AndroidManifest.xml file. Let’s learn more about the AndroidManifest file in a short while. First I would like to describe several important methods to view the decompiled AndroidManifest.xml file. But a com...
manifestsecurity.com
Android Application Security Part 4-Get to know about your Arsenals – Aditya Agrawal
https://manifestsecurity.com/android-application-security-part-4
Security Researcher. RailFan. Foodie. October 13, 2015. Android Application Security Part 4-Get to know about your Arsenals. For all the demos below I have used the FourGoats application from the OWASP-Goatdroid-Project. You can download it from here. Below I have described the must-know methods of adb, but I would recommend you go through the ADB Documentation to gain a better understanding of it. adb devices – prints a list of all attached emulator/device instances. And interacting with the Dalvik VM, other apps’ I...
manifestsecurity.com
Android Application Security Part 10 – Insufficient Transport Layer Protection – Aditya Agrawal
https://manifestsecurity.com/android-application-security-part-10
Security Researcher. RailFan. Foodie. October 14, 2015. Android Application Security Part 10 – Insufficient Transport Layer Protection. Insufficient Transport Layer Protection holds 3rd position in the OWASP Mobile Top 10. Lack of Certificate Inspection: The Android application fails to verify the identity of the certificate presented to it. Most applications ignore the warnings and accept any self-signed certificate presented. Some applications instead pass the traffic through an HTTP connection. Hackers...
manifestsecurity.com
Android Application Security Part 9 – Binary Protections – Aditya Agrawal
https://manifestsecurity.com/android-application-security-part-9
Security Researcher. RailFan. Foodie. October 14, 2015. Android Application Security Part 9 Binary Protections. Lack of Binary Protection is the last one in the OWASP Mobile Top 10 Risks. Android applications are delivered in the .apk file format, which an adversary can reverse engineer to see all the code contained in it. Below are scenarios of reverse engineering an application: An adversary can also insert malicious code, recompile it and deliver it to normal users. To convert .apk. Can be ...
manifestsecurity.com
Android Application Security Part 8 – Insecure Data Storage – Aditya Agrawal
https://manifestsecurity.com/android-application-security-part-8
Security Researcher. RailFan. Foodie. October 14, 2015. Android Application Security Part 8 – Insecure Data Storage. Insecure Data Storage holds 2nd position in the OWASP Mobile Top 10. Our common concern remains that our application data is securely stored on our Android devices so that no one can extract data from it in the case of theft or loss, and also that one application (malicious) cannot access the data of another application (banking). Physical Access to device. But developers often use. In the above picture you ...
manifestsecurity.com
Android Application Security Part 12 – Poor Authentication And Authorization – Aditya Agrawal
https://manifestsecurity.com/android-application-security-part-12
Security Researcher. RailFan. Foodie. October 14, 2015. Android Application Security Part 12 – Poor Authentication And Authorization. Poor Authorization and Authentication holds 5th position in the OWASP Mobile Security Top 10. In this post I will be demonstrating some of the scenarios which fall under the Poor Authorization and Authentication category. So here we begin. If you look in the HerdFinancial application you will find that org.owasp.goatdroid.herdfinancial.activities.Main. But I already had...