Opis: Bulletproof Android - Godfrey Nolan

Battle-Tested Best Practices for Securing Android Apps throughout the Development Lifecycle Android's immense popularity has made it today's #1 target for attack: high-profile victims include eHarmony, Facebook, and Delta Airlines, just to name a few. Today, every Android app needs to resist aggressive attacks and protect data, and in Bulletproof Android(TM), Godfrey Nolan shows you how. Unlike "black hat/gray hat" books, which focus on breaking code, this guide brings together complete best practices for hardening code throughout the entire development lifecycle. Using detailed examples from hundreds of apps he has personally audited, Nolan identifies common "anti-patterns" that expose apps to attack, and then demonstrates more secure solutions. Nolan covers authentication, networking, databases, server attacks, libraries, hardware, and more. He illuminates each technique with code examples, offering expert advice on implementation and trade-offs. Each topic is supported with a complete sample app, which demonstrates real security problems and solutions. Learn how to * Apply core practices for securing the platform * Protect code, algorithms, and business rules from reverse engineering * Eliminate hardcoding of keys, APIs, and other static data * Eradicate extraneous data from production APKs * Overcome the unique challenges of mobile authentication and login * Transmit information securely using SSL * Prevent man-in-the-middle attacks * Safely store data in SQLite databases * Prevent attacks against web servers and services * Avoid side-channel data leakage through third-party libraries * Secure APKs running on diverse devices and Android versions * Achieve HIPAA or FIPS compliance * Harden devices with encryption, SELinux, Knox, and MDM * Preview emerging attacks and countermeasures This guide is a perfect complement to Nolan's Android(TM) Security Essentials LiveLessons (video training; ISBN-13: 978-0-13-382904-4) and reflects new risks that have been identified since the LiveLessons were released.Preface xiii Acknowledgments xxi About the Author xxiii Chapter 1: Android Security Issues 1 Why Android? 1 Guidelines 7 Securing the Device 17 Conclusion 18 Chapter 2: Protecting Your Code 19 Looking into the classes.dex File 19 Obfuscation Best Practices 24 Smali 39 Hiding Business Rules in the NDK 48 Conclusion 49 Chapter 3: Authentication 51 Secure Logins 51 Understanding Best Practices for User Authentication and Account Validation 54 Application Licensing with LVL 65 OAuth 77 User Behavior 84 Conclusion 86 Chapter 4: Network Communication 87 HTTP(S) Connection 88 Symmetric Keys 92 Asymmetric Keys 94 Ineffective SSL 99 Conclusion 107 Chapter 5: Android Databases 109 Android Database Security Issues 109 SQLite 110 SQLCipher 116 Hiding the Key 120 SQL Injection 127 Conclusion 129 Chapter 6: Web Server Attacks 131 Web Services 131 Cross Platform 135 WebView Attacks 140 Cloud 146 Conclusion 150 Chapter 7: Third-Party Library Integration 151 Transferring the Risk 152 Permissions 152 Installing Third-Party Apps 154 Trust but Verify 160 Conclusion 165 Chapter 8: Device Security 167 Wiping Your Device 168 Fragmentation 168 Device Encryption 172 SEAndroid 174 FIPS 140-2 176 Mobile Device Management 177 Conclusion 178 Chapter 9: The Future 179 More Sophisticated Attacks 179 Internet of Things 186 Audits and Compliance 188 Tools 190 Conclusion 194 Index 195

Szczegóły: Bulletproof Android - Godfrey Nolan

Tytuł: Bulletproof Android
Autor: Godfrey Nolan
Producent: Addison Wesley Publishing Company
ISBN: 9780133993325
Rok produkcji: 2014
Ilość stron: 240
Oprawa: Miękka
Waga: 0.38 kg

Recenzje: Bulletproof Android - Godfrey Nolan