
Mobile Security Assessment


A quick look at what you should be considering when assessing the security of a mobile application, looking at an established framework and some of the common tools to get started

Published in: Technology

Mobile Security Assessment

  1. {elysiumsecurity} cyber protection & response. MOBILE SECURITY ASSESSMENT. Version: 1.2a. Date: 29/08/2018. Author: Sylvain Martinez. Reference: ESC11-MUSCL. Classification: Public.
  2. CONTENTS. Sections: CONTEXT, FRAMEWORK, TOOLS, ADVANCED. Items: Mobile usage statistics; App usage statistics; Mobile security context; Assessment Scope; Mobile Assessment Framework; Environment; Android Tools; IOS Tools; Advanced Technics.
  3. MOBILE USAGE STATISTICS (chart). Source: COMSCORE, May 2017.
  4. APP USAGE STATISTICS (chart). Source: COMSCORE, May 2017.
  5. MOBILE SECURITY CONTEXT (diagram). Diagram source: McAfee Mobile Threat Report Q1, 2018.
  6. ASSESSMENT SCOPE: INFRASTRUCTURE WEB API APPLICATION. Icons from the noun project unless specified otherwise.
  7. MOBILE ASSESSMENT FRAMEWORK (diagram). SOURCE: ELYSIUMSECURITY LTD – Please refer to us when re-using this diagram.
  8. MOBILE ASSESSMENT FRAMEWORK: FILESYSTEM ANALYSIS. ANDROID: /DATA/DATA/APP_NAME. IOS: /PRIVATE/VAR.
  9. MOBILE ASSESSMENT FRAMEWORK: NETWORK ANALYSIS. MONITOR IP ADDRESSES AND URL.
  10. MOBILE ASSESSMENT FRAMEWORK: USAGE ANALYSIS.
  11. MOBILE ASSESSMENT FRAMEWORK: PSEUDO CODE ANALYSIS (diagram; label: PASSWORD). SOURCE: ELYSIUMSECURITY LTD – Please refer to us when re-using this diagram.
  12. ENVIRONMENT: DISTRIBUTIONS, OS, APPLICATIONS.
  13. ANDROID TOOLS. FILESYSTEM ANALYSIS: ADB TOOLS, SSH. NETWORK ANALYSIS: PROXY SETTINGS, ROGUE ACCESS POINTS, WIRESHARK. USAGE ANALYSIS: YOUR THUMB!, DROZER. PSEUDO CODE ANALYSIS: DEX2JAR, APKTOOL, JD-GUI.
  14. IOS TOOLS. FILESYSTEM ANALYSIS: SSH TO JAILBROKEN PHONE. USAGE ANALYSIS: YOUR THUMB! NETWORK ANALYSIS: PROXY SETTINGS, ROGUE ACCESS POINTS, WIRESHARK. PSEUDO CODE ANALYSIS: UNZIP FOR RESOURCES, STRINGS, IDA, CLASS-DUMP.
  15. ADVANCED TECHNICS: ANTI JAILBREAK DETECTION SOFTWARE; NETWORK TRAFFIC THROUGH AN IDS; CHANGE CODE AND RECOMPILE (ANDROID).
  16. ABOUT ELYSIUMSECURITY LTD. ELYSIUMSECURITY provides practical expertise to identify vulnerabilities, assess their risks and impact, remediate those risks, prepare and respond to incidents as well as raise security awareness through an organization. ELYSIUMSECURITY provides high level expertise gathered through years of best practices experience in large international companies allowing us to provide advice best suited to your business operational model and priorities. ELYSIUMSECURITY provides a portfolio of Strategic and Tactical Services to help companies protect and respond against Cyber Security Threats. We differentiate ourselves by offering discreet, tailored and specialized engagements. ELYSIUMSECURITY operates in Mauritius and in Europe, a boutique style approach means we can easily adapt to your business operational model and requirements to provide a personalized service that fits your working environment. © 2018 ELYSIUMSECURITY LTD. All Rights Reserved. www.elysiumsecurity.com
