
www.enisa.europa.eu European Union Agency For Network And Information Security

Mobile Threats Incident Handling (Part II)

Handbook, Document for teachers

1.0

SEPTEMBER 2015

About ENISA

The European Union Agency for Network and Information Security (ENISA) is a centre of network and information security expertise for the EU, its member states, the private sector and Europe's citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security. It assists EU member states in implementing relevant EU legislation and works to improve the resilience of Europe's critical information infrastructure and networks. ENISA seeks to enhance existing expertise in EU member states by supporting the development of cross-border communities committed to improving network and information security throughout the EU. More information about ENISA and its work can be found at www.enisa.europa.eu.

Authors

This document was created by Yonas Leguesse, Christos Sidiropoulos, and Lauri Palkmets in consultation with S-CURE [1] (The Netherlands), ComCERT [2] (Poland), and DFN-CERT Services [3] (Germany).

Contact

For contacting the authors please use cert-relations@enisa.europa.eu. For media enquiries about this paper, please use press@enisa.europa.eu.

[1] Don Stikvoort, Michael Potter, and Alan Robinson

[2] Tomasz Chlebowski, Mirosław Maj, Piotr Szeptyński, and Michał Tatar

[3] Mirko Wollenberg


Legal notice

Notice must be taken that this publication represents the views and interpretations of the authors and editors, unless stated otherwise. This publication should not be construed to be a legal action of ENISA or the ENISA bodies unless adopted pursuant to the Regulation (EU) No 526/2013. This publication does not necessarily represent state-of-the-art and ENISA may update it from time to time.

Third-party sources are quoted as appropriate. ENISA is not responsible for the content of the external sources including external websites referenced in this publication.

This publication is intended for information purposes only. It must be accessible free of charge. Neither ENISA nor any person acting on its behalf is responsible for the use that might be made of the information contained in this publication.

Disclaimer

ENISA does not endorse or recommend any commercial products, processes or services. Therefore, any and every mention of commercial products, processes, or services within this course material cannot be construed as an endorsement or recommendation. This course material provides links to other Internet sites for informational purposes and the convenience of its users. When users select a link to an external web site, they are subject to the privacy and security policies of the owners/sponsors of the external site.

Copyright Notice

© European Union Agency for Network and Information Security (ENISA), 2015

Reproduction is authorised provided the source is acknowledged.


Table of Contents

1. Introduction to mobile forensics 9
1.1 Mobile technologies 9
1.2 Historical evolution of mobile operating systems 9
1.3 Mobile forensics 10
1.4 Historical evolution of mobile forensics 11
1.5 Latest trends in mobile forensics techniques 12
1.6 Mobile Platforms and Versions 13
1.6.1 iOS 9 13
1.6.2 Android Marshmallow 13
1.6.3 Windows 10 Mobile 14
1.7 Case studies on mobile threats for Android and iOS 14
1.7.1 Android and Stagefright 15
1.7.2 CoreText vulnerability 15
1.8 Mobile technologies statistics 16
1.9 Rooting of Android-based devices 24
1.10 Jail-breaking of iOS-based devices 25

2. Threats and incidents handling 26
2.1 Threat analysis 26
2.2 Vulnerabilities 27
2.3 Encryption mechanisms in Android and iOS 28
2.3.1 Encrypting user data 29
2.4 Threat analysis on iOS 29
2.5 Threat analysis on Android 31
2.6 Task 2.1: Analysis of sample application's permissions on an Android device 33
2.6.1 Introduction 33
2.6.2 Details 33
2.6.3 Task walk-through 33
2.7 Task 2.2: Analysis of sample application's Mach-o header on an iOS device 34
2.7.1 Introduction 34
2.7.2 Details 34
2.7.3 Task walk-through 34

3. Mobile Forensics 36
3.1 Concepts and principles 36
3.1.1 Common principles 36
3.1.2 Unique principles 36
3.2 Mobile forensics tools 37
3.3 Examples of data sources 38
3.3.1 Mobile devices as a source of data 38
3.3.2 Mobile device memory storage as a source of data 39
3.3.3 Mobile operator as a source of information 40
3.4 Task 3.1: A quick evaluation of knowledge regarding mobile devices 41

4. Mobile forensic procedures 42
4.1 Explanation of logical and physical extractions 42
4.2 Best practices and techniques 44
4.2.1 Battery and power supply 44
4.2.2 Communication interfaces 44
4.2.3 Communication cables 44
4.2.4 Premises 45
4.2.5 Software 45
4.3 Physical analysis 45
4.3.1 Unique techniques in physical analysis 45
4.3.2 Tools and devices for physical forensics 47
4.3.3 JTAG as a backup interface for physical forensics 48
4.4 Logical analysis 48
4.4.1 Android partitions 48
4.4.2 iOS partitions 50
4.5 Task 4.1: Logical data extraction from Android devices 50
4.5.1 Introduction 50
4.5.2 Tools used 50
4.5.3 Details 50
4.5.4 Task walk-through 50
4.6 Task 4.2: File system extraction from Android devices 54
4.6.1 Introduction 54
4.6.2 Task walk-through 54
4.7 Task 4.3: Manual file carving 56
4.7.1 Introduction 56
4.7.2 Tools used 56
4.7.3 Details 56
4.7.4 Task walk-through 56
4.8 Task 4.4: RAM memory dump from Android device 59
4.8.1 Introduction 59
4.8.2 Tools used 59
4.8.3 Details 60
4.8.4 Task walk-through - Dumping RAM memory 60
4.8.5 Examining memory dump with Volatility 65
4.8.6 Task walk-through - Using Autopsy 67
4.9 Task 4.5: iOS - iPhone Backup Analyser 2 73
4.9.1 Introduction 73
4.9.2 Details 73
4.9.3 Task walk-through 74
4.10 Task 4.6: Brute-forcing Android encryption mechanisms 77
4.10.1 Introduction 77
4.10.2 Details 77
4.10.3 Task walk-through 77

5. Mobile network forensics 80
5.1 Introduction to accessing mobile traffic 80
5.1.1 Malware Information 81
5.2 Task 5.1: Analysing pcap data and proxy logs of Android.Trojan.SLocker.DZ 82
5.2.1 Introduction 82
5.2.2 Tools used 82
5.2.3 Details 82
5.2.4 Task walk-through 83
5.2.5 Task walk-through with mitmproxy logs 85
5.3 Task 5.2: Analysing pcap data and proxy logs of iOS.Oneclickfraud 88
5.3.1 Introduction 88
5.3.2 Tools 88
5.3.3 Details 88
5.3.4 Task walk-through 88

6. Mobile malware reverse engineering 90
6.1 Introduction to special requirements in mobile malware 90
6.1.1 Tools 90
6.1.2 Malware Information 90
6.2 Task 6.1: Analysing Android.Trojan.SLocker.DZ 92
6.2.1 Introduction 92
6.2.2 Tools 92
6.2.3 Details 92
6.2.4 Task walk-through 92
6.3 Task 6.2: Analysing iOS.Oneclickfraud 95
6.3.1 Introduction 95
6.3.2 Tools 95
6.3.3 Details 95
6.3.4 Task walk-through 96

7. Recap of mobile forensic tools 98
7.1 Android SDK 98
7.2 AF Logical OSE 98
7.3 Volatility 98
7.4 Autopsy 98
7.5 iPBA2 98
7.6 whHexEditor 98
7.7 Exiftool 98
7.8 Tcpdump 99
7.9 MITMproxy 99
7.10 HoneyProxy 99
7.11 Wireshark 99
7.12 Apktool 99
7.13 Strings 99

8. Countermeasures, protective measures 100
8.1 Sandboxes 100
8.2 Antivirus software for mobile systems 101
8.3 Mobile Device Management (MDM) systems 101

9. References 103

Main Objective

This course will introduce concepts, tools, and techniques used for mobile and network forensics. The students will familiarise themselves with the risks found on mobile platforms, with ways of identifying and mitigating such risks, and with techniques to analyse mobile-related threats and malware.

Targeted Audience

CSIRT staff involved in the process of incident handling, especially those responsible
