Quick android review kit (qark)

“QARK is a static code analysis tool, designed to recognize potential security vulnerabilities and points of concern for Java-based Android applications. QARK was designed to be community based, available to everyone and free for use.”

Published in: Technology

  1. Quick Android Review KIT (QARK): Android Security Testing Tool
  2. Hello! I am Chandan Kumar. This presentation is about an open source security tool for static code analysis. You can find me at cksonker@gmail.com
  3. QARK: WHAT IS IT??
  4. Quick Android Review KIT (QARK): “QARK is a static code analysis tool, designed to recognize potential security vulnerabilities and points of concern for Java-based Android applications. QARK was designed to be community based, available to everyone and free for use.”
  5. What does it do? Included in the types of security vulnerabilities this tool attempts to find are:
       • Improperly protected exported components
       • Intents which are vulnerable to interception or eavesdropping
       • Improper X.509 certificate validation
       • Activities which may leak data
       • Insecurely created Pending Intents
       • Sending of insecure Broadcast Intents
       • Private keys embedded in the source
       • Weak or improper cryptography use
       • Potentially exploitable WebView configurations
       • Tapjacking
       • Apps supporting outdated API versions, with known vulnerabilities
  6. Requirements:
       ● Python 2.7.6
       ● JRE 1.6+ (preferably 1.7+)
       ● OSX or Ubuntu Linux (others may work, but not fully tested)
  7. Download QARK from the following link: http://resources.infosecinstitute.com/wp-content/uploads/qark-master.zip
  8. Audit steps:
       ➜ Download QARK
       ➜ Navigate to the QARK folder and type <python qark.py>
       ➜ Enter option (1/2) to provide an APK or source code
       ➜ Inspect the Manifest file
       ➜ Decompile the APK; the vulnerabilities found are displayed on the screen
       ➜ You can create a custom APK of the vulnerable app and print the SCA (Static Code Analysis) report
  9. Thanks! Any questions? You can find me at: cksonker@gmail.com
