| Description |
1 online resource (xxii, 408 pages) : illustrations |
| Series |
IT Pro.
|
| Bibliography |
Includes bibliographical references and index. |
| Summary |
"Implement a systematic approach to security in your mobile application development with help from this practical guide. Featuring case studies, code examples, and best practices, Mobile Application Security details how to protect against vulnerabilities in the latest smartphone and PDA platforms. Maximize isolation, lockdown internal and removable storage, work with sandboxing and signing, and encrypt sensitive user information. Safeguards against viruses, worms, malware, and buffer overflow exploits are also covered in this comprehensive resource"--Resource description page. |
| Contents |
Cover Page -- Mobile Application Security -- Copyright Page -- About the Authors -- Dedication -- Contents -- Acknowledgments -- Introduction -- Part I Mobile Platforms -- Chapter 1 Top Mobile Issues and Development Strategies -- Top Issues Facing Mobile Devices -- Physical Security -- Secure Data Storage (on Disk) -- Strong Authentication with Poor Keyboards -- Multiple-User Support with Security -- Safe Browsing Environment -- Secure Operating Systems -- Application Isolation -- Information Disclosure -- Virus, Worms, Trojans, Spyware, and Malware -- Difficult Patching/Update Process |
|
Strict Use and Enforcement of SSL -- Phishing -- Cross-Site Request Forgery (CSRF) -- Location Privacy/Security -- Insecure Device Drivers -- Multifactor Authentication -- Tips for Secure Mobile Application Development -- Leverage TLS/SSL -- Follow Secure Programming Practices -- Validate Input -- Leverage the Permissions Model Used by the OS -- Use the Least Privilege Model for System Access -- Store Sensitive Information Properly -- Sign the Application's Code -- Figure Out a Secure and Strong Update Process -- Understand the Mobile Browser's Security Strengths and Limitations |
|
Zero Out the Nonthreats -- Use Secure/Intuitive Mobile URLs -- Conclusion -- Chapter 2 Android Security -- Development and Debugging on Android -- Android's Securable IPC Mechanisms -- Activities -- Broadcasts -- Services -- ContentProviders -- Binder -- Android's Security Model -- Android Permissions Review -- Creating New Manifest Permissions -- Intents -- Intent Review -- IntentFilters -- Activities -- Broadcasts -- Receiving Broadcast Intents -- Safely Sending Broadcast Intents -- Sticky Broadcasts -- Services -- ContentProviders -- Avoiding SQL Injection -- Intent Reflection |
|
Files and Preferences -- Mass Storage -- Binder Interfaces -- Security by Caller Permission or Identity Checking -- Binder Reference Security -- Android Security Tools -- Manifest Explorer -- Package Play -- Intent Sniffer -- Intent Fuzzer -- Conclusion -- Chapter 3 The Apple iPhone -- History -- The iPhone and OS X -- Breaking Out, Breaking In -- iPhone SDK -- Future -- Development -- Decompilation and Disassembly -- Preventing Reverse-Engineering -- Security Testing -- Buffer Overflows -- Integer Overflows -- Format String Attacks -- Double-Frees -- Static Analysis -- Application Format |
|
Build and Packaging -- Distribution: The Apple Store -- Code Signing -- Executing Unsigned Code -- Permissions and User Controls -- Sandboxing -- Exploit Mitigation -- Permissions -- Local Data Storage: Files, Permissions, and Encryption -- SQLite Storage -- iPhone Keychain Storage -- Shared Keychain Storage -- Adding Certificates to the Certificate Store -- Acquiring Entropy -- Networking -- The URL Loading API -- NSStreams -- Peer to Peer (P2P) -- Push Notifications, Copy/Paste, and Other IPC -- Push Notifications -- UIPasteboard -- Conclusion -- Chapter 4 Windows Mobile Security |
| Subject |
Mobile communication systems -- Security measures.
|
|
Mobile computing -- Security measures.
|
|
Mobile communication systems.
|
|
Mobile computing.
|
|
Radiocommunications mobiles. |
|
Informatique mobile. |
|
Radiocommunications mobiles -- Sécurité -- Mesures. |
|
Informatique mobile -- Sécurité -- Mesures. |
|
Mobile communication systems -- Security measures. |
|
Mobile computing -- Security measures. |
|
Mobile communication systems |
|
Mobile computing |
| Added Author |
Clark, Chris, 1980-
|
|
Thiel, David V.
|
| Other Form: |
Print version: Dwivedi, Himanshu. Mobile application security. New York : McGraw-Hill, ©2010 9780071633567 (DLC) 2009051530 (OCoLC)496159950 |
| ISBN |
9780071633574 (electronic bk.) |
|
007163357X (electronic bk.) |
|
More Resources