Android Mobile Application Pentesting
OWASP, 29 April 2018
Who Am I?
Note to all audience members: All material given in this session is for educational purposes only. Damage that occurs to an application or system is not the responsibility of the author.
Peace out yoo!
Android Mobile Application Security Testing
Source:
OWASP Mobile top 10 Vulnerability
Linux Kernel
Android Runtime
Native Libraries
Application framework
Application
Taken from Learning Pentesting for Android Devices
Android Application Package
It is just a zip file
Android Application Package
Taken from: Android Security: A Survey of Issues, Malware Penetration and Defenses
Taken from fileinfo.com
OWASP Mobile top 10 Vulnerability
The first step in Android mobile application penetration testing is to try to reverse engineer the application, because once you have the code you have already done half of the work.
With Apktool
With dex2jar
With jadx-core
Where to get free APKs other than the Play Store?
Taken from APKpure.com
Improper Platform Usage
A good tool that every Android pentester must have
Taken from the McAfee blog. All rights reserved to the author.
Target:
Improper Platform Usage
~# adb shell am start -n com.xllusion.quicknote/.EditNote -e android.intent.extra.SUBJECT dumbass -e android.intent.extra.TEXT dumbass
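-n com.xllusion.quicknote/.EditNote: package name and the activity
First -e (android.intent.extra.SUBJECT): put the first string
Second -e (android.intent.extra.TEXT): put the second string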
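A defender-side check for the exposure the command above relies on, as an added example that is not from the original slides: it lists activities in a decoded AndroidManifest.xml (such as Apktool produces) that other apps or adb can start without holding a permission. The manifest, the package name com.example.notes and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed sample manifest (not the real manifest of any app).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".EditNote">
      <intent-filter>
        <action android:name="android.intent.action.SEND"/>
      </intent-filter>
    </activity>
    <activity android:name=".Settings" android:exported="false"/>
    <activity android:name=".Share" android:exported="true"
              android:permission="com.example.notes.SHARE"/>
  </application>
</manifest>"""

def exported_activities(manifest_xml):
    """Return (component, permission, is_launcher) for each exported activity."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    found = []
    for act in root.iter("activity"):
        flag = act.get(A + "exported")
        has_filter = act.find("intent-filter") is not None
        # An explicit flag wins. Without one, an intent-filter made the
        # activity exported by default for apps targeting below Android 12.
        exported = (flag == "true") if flag is not None else has_filter
        if not exported:
            continue
        launcher = any(c.get(A + "name") == "android.intent.category.LAUNCHER"
                       for c in act.iter("category"))
        component = "%s/%s" % (package, act.get(A + "name", ""))
        found.append((component, act.get(A + "permission"), launcher))
    return found

def needs_review(manifest_xml):
    """Exported, non-launcher activities that no permission protects."""
    return [c for c, perm, launcher in exported_activities(manifest_xml)
            if perm is None and not launcher]
```

Each component returned by needs_review should either set android:exported="false", require a permission, or validate every intent extra it reads.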
OWASP Mobile top 10 Vulnerability
Insecure Data Storage
Target:
OWASP Mobile top 10 Vulnerability
Insecure Communication
What do you need?
Thank You