SlideShare a Scribd company logo

Automation In Android & iOS Application Review

B
B
Blueinfy SolutionsWeb Security Products, Consulting & Training Company

DeepSec 2013

Automation In Android & iOS Application Review

1 of 49
Automation In Android & iOS
Application Review
Who Am I?
• Hemil Shah – hemil@blueinfy.net
• Past experience
– HBO, KPMG, IL&FS, Net Square
• Interest
– Application security research (Web & Mobile)
• Published research
– Articles / Papers – Packstroem, etc.
– Tools – wsScanner, scanweb2.0, AppMap, AppCodeScan, AppPrint etc.
hemil@blueinfy.net
http://www.blueinfy.com
hemil@blueinfy.net
http://www.blueinfy.com
Mobile Apps
Gartner Statistics
Frequency of updates
• Very High compare to Web Applications
• Usually, 4-5 updates in a year for web
applications or even less at times
• Usually, 10-12 updates in mobile
applications or even more in some cases
• We all have accepted that application
needs to be reviewed before going to
production – DID WE???
Frequency of Updates
Application Name
 
Number of
Releases in
iOS
Number of
Releases in
Android
Facebook 19 34
Twitter 22 25
Chase Bank 9 2
eBay 9 4
Amazon 10 3
Temple Run 2 12 10
FB Messenger 12 10
Whatsapp 4 154
skype 8 6
Ad

Recommended

Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Blueinfy Solutions
 
Mobile security chess board - attacks & defense
Mobile security chess board - attacks & defenseMobile security chess board - attacks & defense
Mobile security chess board - attacks & defenseBlueinfy Solutions
 
Mobile Application Scan and Testing
Mobile Application Scan and TestingMobile Application Scan and Testing
Mobile Application Scan and TestingBlueinfy Solutions
 
iOS Application Security Testing
iOS Application Security TestingiOS Application Security Testing
iOS Application Security TestingBlueinfy Solutions
 
Applciation footprinting, discovery and enumeration
Applciation footprinting, discovery and enumerationApplciation footprinting, discovery and enumeration
Applciation footprinting, discovery and enumerationBlueinfy Solutions
 
Web Services Hacking and Security
Web Services Hacking and SecurityWeb Services Hacking and Security
Web Services Hacking and SecurityBlueinfy Solutions
 

More Related Content

What's hot

Advanced applications-architecture-threats
Advanced applications-architecture-threatsAdvanced applications-architecture-threats
Advanced applications-architecture-threatsBlueinfy Solutions
 
Mobile application security – effective methodology, efficient testing! hem...
Mobile application security – effective methodology, efficient testing!   hem...Mobile application security – effective methodology, efficient testing!   hem...
Mobile application security – effective methodology, efficient testing! hem...owaspindia
 
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)Sam Bowne
 
The curious case of mobile app security.pptx
The curious case of mobile app security.pptxThe curious case of mobile app security.pptx
The curious case of mobile app security.pptxAnkit Giri
 
Pentesting web applications
Pentesting web applicationsPentesting web applications
Pentesting web applicationsSatish b
 
Using & Abusing APIs: An Examination of the API Attack Surface
Using & Abusing APIs: An Examination of the API Attack SurfaceUsing & Abusing APIs: An Examination of the API Attack Surface
Using & Abusing APIs: An Examination of the API Attack SurfaceCA API Management
 
XSS and CSRF with HTML5
XSS and CSRF with HTML5XSS and CSRF with HTML5
XSS and CSRF with HTML5Shreeraj Shah
 
Core defense mechanisms against security attacks on web applications
Core defense mechanisms against security attacks on web applicationsCore defense mechanisms against security attacks on web applications
Core defense mechanisms against security attacks on web applicationsKaran Nagrecha
 
AppSec 2007 - .NET Web Services Hacking
AppSec 2007 - .NET Web Services HackingAppSec 2007 - .NET Web Services Hacking
AppSec 2007 - .NET Web Services HackingShreeraj Shah
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack CA API Management
 
CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)
CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)
CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)Sam Bowne
 
CNIT 129S: Securing Web Applications Ch 1-2
CNIT 129S: Securing Web Applications Ch 1-2CNIT 129S: Securing Web Applications Ch 1-2
CNIT 129S: Securing Web Applications Ch 1-2Sam Bowne
 
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)Sam Bowne
 
CNIT 129S: Ch 4: Mapping the Application
CNIT 129S: Ch 4: Mapping the ApplicationCNIT 129S: Ch 4: Mapping the Application
CNIT 129S: Ch 4: Mapping the ApplicationSam Bowne
 
Reliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan GandhiReliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan Gandhibhumika2108
 

What's hot (20)

Html5 on mobile
Html5 on mobileHtml5 on mobile
Html5 on mobile
 
Advanced applications-architecture-threats
Advanced applications-architecture-threatsAdvanced applications-architecture-threats
Advanced applications-architecture-threats
 
Application fuzzing
Application fuzzingApplication fuzzing
Application fuzzing
 
Mobile application security – effective methodology, efficient testing! hem...
Mobile application security – effective methodology, efficient testing!   hem...Mobile application security – effective methodology, efficient testing!   hem...
Mobile application security – effective methodology, efficient testing! hem...
 
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
 
The curious case of mobile app security.pptx
The curious case of mobile app security.pptxThe curious case of mobile app security.pptx
The curious case of mobile app security.pptx
 
Pentesting web applications
Pentesting web applicationsPentesting web applications
Pentesting web applications
 
Using & Abusing APIs: An Examination of the API Attack Surface
Using & Abusing APIs: An Examination of the API Attack SurfaceUsing & Abusing APIs: An Examination of the API Attack Surface
Using & Abusing APIs: An Examination of the API Attack Surface
 
XSS and CSRF with HTML5
XSS and CSRF with HTML5XSS and CSRF with HTML5
XSS and CSRF with HTML5
 
Core defense mechanisms against security attacks on web applications
Core defense mechanisms against security attacks on web applicationsCore defense mechanisms against security attacks on web applications
Core defense mechanisms against security attacks on web applications
 
AppSec 2007 - .NET Web Services Hacking
AppSec 2007 - .NET Web Services HackingAppSec 2007 - .NET Web Services Hacking
AppSec 2007 - .NET Web Services Hacking
 
Api security
Api security Api security
Api security
 
Hacking mobile apps
Hacking mobile appsHacking mobile apps
Hacking mobile apps
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack
 
CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)
CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)
CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)
 
CNIT 129S: Securing Web Applications Ch 1-2
CNIT 129S: Securing Web Applications Ch 1-2CNIT 129S: Securing Web Applications Ch 1-2
CNIT 129S: Securing Web Applications Ch 1-2
 
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
 
CNIT 129S: Ch 4: Mapping the Application
CNIT 129S: Ch 4: Mapping the ApplicationCNIT 129S: Ch 4: Mapping the Application
CNIT 129S: Ch 4: Mapping the Application
 
HTML5 hacking
HTML5 hackingHTML5 hacking
HTML5 hacking
 
Reliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan GandhiReliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan Gandhi
 

Viewers also liked

KatieLutzRezyTops
KatieLutzRezyTopsKatieLutzRezyTops
KatieLutzRezyTopsKatie Lutz
 
Geraldine O Reilly Under the Cover of Trees At The Doorway Gallery
Geraldine O Reilly Under the Cover of Trees At  The Doorway GalleryGeraldine O Reilly Under the Cover of Trees At  The Doorway Gallery
Geraldine O Reilly Under the Cover of Trees At The Doorway GalleryGer O Reilly
 
iWelcome case study: PostNL - Identity in the heart of transition to the cloud
iWelcome case study: PostNL - Identity in the heart of transition to the cloudiWelcome case study: PostNL - Identity in the heart of transition to the cloud
iWelcome case study: PostNL - Identity in the heart of transition to the cloudMaarten Stultjens
 
New base 989 special 19 january 2017 energy news
New base 989 special 19 january 2017 energy newsNew base 989 special 19 january 2017 energy news
New base 989 special 19 january 2017 energy newsKhaled Al Awadi
 
Los paises americanos美洲国家
Los paises americanos美洲国家Los paises americanos美洲国家
Los paises americanos美洲国家Bellechina Lee
 
Jay parmar, Legal and Policy Director at BVLRA - Ultra Low Emissions Vehicl...
Jay parmar, Legal and Policy Director  at  BVLRA - Ultra Low Emissions Vehicl...Jay parmar, Legal and Policy Director  at  BVLRA - Ultra Low Emissions Vehicl...
Jay parmar, Legal and Policy Director at BVLRA - Ultra Low Emissions Vehicl...Global Business Events
 
Jean-Pierre Senekal – The Impact of Self-Esteem on the Student Supervisor Wor...
Jean-Pierre Senekal – The Impact of Self-Esteem on the Student Supervisor Wor...Jean-Pierre Senekal – The Impact of Self-Esteem on the Student Supervisor Wor...
Jean-Pierre Senekal – The Impact of Self-Esteem on the Student Supervisor Wor...SACAP
 
Assignment principles of exporting afghanistan (talha n atta)
Assignment principles of exporting   afghanistan (talha n atta)Assignment principles of exporting   afghanistan (talha n atta)
Assignment principles of exporting afghanistan (talha n atta)dialme4
 
Ord. nº 1512 ssmo modifica registro sanitario bezafibrato ciprofibrato o ge...
Ord. nº 1512  ssmo  modifica registro sanitario bezafibrato ciprofibrato o ge...Ord. nº 1512  ssmo  modifica registro sanitario bezafibrato ciprofibrato o ge...
Ord. nº 1512 ssmo modifica registro sanitario bezafibrato ciprofibrato o ge...José Luis Contreras Muñoz
 
California History Social Science Frameworks
California History Social Science FrameworksCalifornia History Social Science Frameworks
California History Social Science FrameworksCarla Piper
 
DevOpsCon 2016 - Continuous Security Testing - Stephan Kaps
DevOpsCon 2016 - Continuous Security Testing - Stephan KapsDevOpsCon 2016 - Continuous Security Testing - Stephan Kaps
DevOpsCon 2016 - Continuous Security Testing - Stephan KapsStephan Kaps
 
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)Shreeraj Shah
 
Optimizing Your Application Security Program with Netsparker and ThreadFix
Optimizing Your Application Security Program with Netsparker and ThreadFixOptimizing Your Application Security Program with Netsparker and ThreadFix
Optimizing Your Application Security Program with Netsparker and ThreadFixDenim Group
 
PLM, BIM serveur : qui fait quoi, quand et comment ? Pratiques et technologie...
PLM, BIM serveur : qui fait quoi, quand et comment ? Pratiques et technologie...PLM, BIM serveur : qui fait quoi, quand et comment ? Pratiques et technologie...
PLM, BIM serveur : qui fait quoi, quand et comment ? Pratiques et technologie...Sylvain Kubicki
 

Viewers also liked (17)

Island Man
Island ManIsland Man
Island Man
 
KatieLutzRezyTops
KatieLutzRezyTopsKatieLutzRezyTops
KatieLutzRezyTops
 
Geraldine O Reilly Under the Cover of Trees At The Doorway Gallery
Geraldine O Reilly Under the Cover of Trees At  The Doorway GalleryGeraldine O Reilly Under the Cover of Trees At  The Doorway Gallery
Geraldine O Reilly Under the Cover of Trees At The Doorway Gallery
 
iWelcome case study: PostNL - Identity in the heart of transition to the cloud
iWelcome case study: PostNL - Identity in the heart of transition to the cloudiWelcome case study: PostNL - Identity in the heart of transition to the cloud
iWelcome case study: PostNL - Identity in the heart of transition to the cloud
 
New base 989 special 19 january 2017 energy news
New base 989 special 19 january 2017 energy newsNew base 989 special 19 january 2017 energy news
New base 989 special 19 january 2017 energy news
 
Udl 523
Udl 523Udl 523
Udl 523
 
Los paises americanos美洲国家
Los paises americanos美洲国家Los paises americanos美洲国家
Los paises americanos美洲国家
 
Food images
Food imagesFood images
Food images
 
Jay parmar, Legal and Policy Director at BVLRA - Ultra Low Emissions Vehicl...
Jay parmar, Legal and Policy Director  at  BVLRA - Ultra Low Emissions Vehicl...Jay parmar, Legal and Policy Director  at  BVLRA - Ultra Low Emissions Vehicl...
Jay parmar, Legal and Policy Director at BVLRA - Ultra Low Emissions Vehicl...
 
Jean-Pierre Senekal – The Impact of Self-Esteem on the Student Supervisor Wor...
Jean-Pierre Senekal – The Impact of Self-Esteem on the Student Supervisor Wor...Jean-Pierre Senekal – The Impact of Self-Esteem on the Student Supervisor Wor...
Jean-Pierre Senekal – The Impact of Self-Esteem on the Student Supervisor Wor...
 
Assignment principles of exporting afghanistan (talha n atta)
Assignment principles of exporting   afghanistan (talha n atta)Assignment principles of exporting   afghanistan (talha n atta)
Assignment principles of exporting afghanistan (talha n atta)
 
Ord. nº 1512 ssmo modifica registro sanitario bezafibrato ciprofibrato o ge...
Ord. nº 1512  ssmo  modifica registro sanitario bezafibrato ciprofibrato o ge...Ord. nº 1512  ssmo  modifica registro sanitario bezafibrato ciprofibrato o ge...
Ord. nº 1512 ssmo modifica registro sanitario bezafibrato ciprofibrato o ge...
 
California History Social Science Frameworks
California History Social Science FrameworksCalifornia History Social Science Frameworks
California History Social Science Frameworks
 
DevOpsCon 2016 - Continuous Security Testing - Stephan Kaps
DevOpsCon 2016 - Continuous Security Testing - Stephan KapsDevOpsCon 2016 - Continuous Security Testing - Stephan Kaps
DevOpsCon 2016 - Continuous Security Testing - Stephan Kaps
 
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)
 
Optimizing Your Application Security Program with Netsparker and ThreadFix
Optimizing Your Application Security Program with Netsparker and ThreadFixOptimizing Your Application Security Program with Netsparker and ThreadFix
Optimizing Your Application Security Program with Netsparker and ThreadFix
 
PLM, BIM serveur : qui fait quoi, quand et comment ? Pratiques et technologie...
PLM, BIM serveur : qui fait quoi, quand et comment ? Pratiques et technologie...PLM, BIM serveur : qui fait quoi, quand et comment ? Pratiques et technologie...
PLM, BIM serveur : qui fait quoi, quand et comment ? Pratiques et technologie...
 

Similar to Automation In Android & iOS Application Review

Pentesting iPhone applications
Pentesting iPhone applicationsPentesting iPhone applications
Pentesting iPhone applicationsSatish b
 
Windows Phone 8 Security and Testing WP8 Apps
Windows Phone 8 Security and Testing WP8 AppsWindows Phone 8 Security and Testing WP8 Apps
Windows Phone 8 Security and Testing WP8 AppsJorge Orchilles
 
Hacker Halted 2014 - EMM Limits & Solutions
Hacker Halted 2014 - EMM Limits & SolutionsHacker Halted 2014 - EMM Limits & Solutions
Hacker Halted 2014 - EMM Limits & SolutionsEC-Council
 
Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)ClubHack
 
Mobile security services 2012
Mobile security services 2012Mobile security services 2012
Mobile security services 2012Tjylen Veselyj
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3mPrem Kumar (OSCP)
 
Application Explosion How to Manage Productivity vs Security
Application Explosion How to Manage Productivity vs SecurityApplication Explosion How to Manage Productivity vs Security
Application Explosion How to Manage Productivity vs SecurityLumension
 
CNIT 128 Ch 4: Android
CNIT 128 Ch 4: AndroidCNIT 128 Ch 4: Android
CNIT 128 Ch 4: AndroidSam Bowne
 
Mobile Browser Content Handling
Mobile Browser Content HandlingMobile Browser Content Handling
Mobile Browser Content HandlingDenim Group
 
CNIT 128 8: Mobile development security
CNIT 128 8: Mobile development securityCNIT 128 8: Mobile development security
CNIT 128 8: Mobile development securitySam Bowne
 
Building Mobile (app) Masterpiece with Distributed Agile
Building Mobile (app) Masterpiece with Distributed AgileBuilding Mobile (app) Masterpiece with Distributed Agile
Building Mobile (app) Masterpiece with Distributed AgileWee Witthawaskul
 
iOS Application Penetation Test
iOS Application Penetation TestiOS Application Penetation Test
iOS Application Penetation TestJongWon Kim
 
Application security in current era
Application security in current eraApplication security in current era
Application security in current eraajitdhumale
 
Citrix Day 2014: ShareFile Enterprise
Citrix Day 2014: ShareFile EnterpriseCitrix Day 2014: ShareFile Enterprise
Citrix Day 2014: ShareFile EnterpriseDigicomp Academy AG
 
Cloudlytics - Analyze S3 & CloudFront Logs
Cloudlytics - Analyze S3 & CloudFront LogsCloudlytics - Analyze S3 & CloudFront Logs
Cloudlytics - Analyze S3 & CloudFront LogsCloudlytics
 

Similar to Automation In Android & iOS Application Review (20)

Pentesting iPhone applications
Pentesting iPhone applicationsPentesting iPhone applications
Pentesting iPhone applications
 
Windows Phone 8 Security and Testing WP8 Apps
Windows Phone 8 Security and Testing WP8 AppsWindows Phone 8 Security and Testing WP8 Apps
Windows Phone 8 Security and Testing WP8 Apps
 
Hacker Halted 2014 - EMM Limits & Solutions
Hacker Halted 2014 - EMM Limits & SolutionsHacker Halted 2014 - EMM Limits & Solutions
Hacker Halted 2014 - EMM Limits & Solutions
 
Sql securitytesting
Sql  securitytestingSql  securitytesting
Sql securitytesting
 
Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)Pentesting Mobile Applications (Prashant Verma)
Pentesting Mobile Applications (Prashant Verma)
 
Mobile security services 2012
Mobile security services 2012Mobile security services 2012
Mobile security services 2012
 
iOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3miOS-Application-Security-iAmPr3m
iOS-Application-Security-iAmPr3m
 
Application Explosion How to Manage Productivity vs Security
Application Explosion How to Manage Productivity vs SecurityApplication Explosion How to Manage Productivity vs Security
Application Explosion How to Manage Productivity vs Security
 
128-ch4.pptx
128-ch4.pptx128-ch4.pptx
128-ch4.pptx
 
CNIT 128 Ch 4: Android
CNIT 128 Ch 4: AndroidCNIT 128 Ch 4: Android
CNIT 128 Ch 4: Android
 
Mobile Browser Content Handling
Mobile Browser Content HandlingMobile Browser Content Handling
Mobile Browser Content Handling
 
CNIT 128 8: Mobile development security
CNIT 128 8: Mobile development securityCNIT 128 8: Mobile development security
CNIT 128 8: Mobile development security
 
Google android os
Google android osGoogle android os
Google android os
 
Metadata - What is Unseen
Metadata - What is UnseenMetadata - What is Unseen
Metadata - What is Unseen
 
Building Mobile (app) Masterpiece with Distributed Agile
Building Mobile (app) Masterpiece with Distributed AgileBuilding Mobile (app) Masterpiece with Distributed Agile
Building Mobile (app) Masterpiece with Distributed Agile
 
iOS Application Penetation Test
iOS Application Penetation TestiOS Application Penetation Test
iOS Application Penetation Test
 
Application security in current era
Application security in current eraApplication security in current era
Application security in current era
 
Citrix Day 2014: ShareFile Enterprise
Citrix Day 2014: ShareFile EnterpriseCitrix Day 2014: ShareFile Enterprise
Citrix Day 2014: ShareFile Enterprise
 
Cloudlytics - Analyze S3 & CloudFront Logs
Cloudlytics - Analyze S3 & CloudFront LogsCloudlytics - Analyze S3 & CloudFront Logs
Cloudlytics - Analyze S3 & CloudFront Logs
 
Securing Android
Securing AndroidSecuring Android
Securing Android
 

More from Blueinfy Solutions

More from Blueinfy Solutions (9)

Source Code Analysis with SAST
Source Code Analysis with SASTSource Code Analysis with SAST
Source Code Analysis with SAST
 
CSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open RedirectCSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open Redirect
 
XSS - Attacks & Defense
XSS - Attacks & DefenseXSS - Attacks & Defense
XSS - Attacks & Defense
 
Defending against Injections
Defending against InjectionsDefending against Injections
Defending against Injections
 
XPATH, LDAP and Path Traversal Injection
XPATH, LDAP and Path Traversal InjectionXPATH, LDAP and Path Traversal Injection
XPATH, LDAP and Path Traversal Injection
 
Blind SQL Injection
Blind SQL InjectionBlind SQL Injection
Blind SQL Injection
 
SQL injection basics
SQL injection basicsSQL injection basics
SQL injection basics
 
Assessment methodology and approach
Assessment methodology and approachAssessment methodology and approach
Assessment methodology and approach
 
HTTP protocol and Streams Security
HTTP protocol and Streams SecurityHTTP protocol and Streams Security
HTTP protocol and Streams Security
 

Recently uploaded

Bringing nullability into existing code - dammit is not the answer.pptx
Bringing nullability into existing code - dammit is not the answer.pptxBringing nullability into existing code - dammit is not the answer.pptx
Bringing nullability into existing code - dammit is not the answer.pptxMaarten Balliauw
 
Breaking Barriers & Leveraging the Latest Developments in AI Technology
Breaking Barriers & Leveraging the Latest Developments in AI TechnologyBreaking Barriers & Leveraging the Latest Developments in AI Technology
Breaking Barriers & Leveraging the Latest Developments in AI TechnologySafe Software
 
"Journey of Aspiration: Unveiling the Path to Becoming a Technocrat and Entre...
"Journey of Aspiration: Unveiling the Path to Becoming a Technocrat and Entre..."Journey of Aspiration: Unveiling the Path to Becoming a Technocrat and Entre...
"Journey of Aspiration: Unveiling the Path to Becoming a Technocrat and Entre...shaiyuvasv
 
"Running Open-Source LLM models on Kubernetes", Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes", Volodymyr TsapFwdays
 
AWS reInvent 2023 recaps from Chicago AWS user group
AWS reInvent 2023 recaps from Chicago AWS user groupAWS reInvent 2023 recaps from Chicago AWS user group
AWS reInvent 2023 recaps from Chicago AWS user groupAWS Chicago
 
Q1 Memory Fabric Forum: Intel Enabling Compute Express Link (CXL)
Q1 Memory Fabric Forum: Intel Enabling Compute Express Link (CXL)Q1 Memory Fabric Forum: Intel Enabling Compute Express Link (CXL)
Q1 Memory Fabric Forum: Intel Enabling Compute Express Link (CXL)Memory Fabric Forum
 
Manual sensor Zigbee 3.0 MOES ZSS-X-PIRL-C
Manual  sensor Zigbee 3.0 MOES ZSS-X-PIRL-CManual  sensor Zigbee 3.0 MOES ZSS-X-PIRL-C
Manual sensor Zigbee 3.0 MOES ZSS-X-PIRL-CDomotica daVinci
 
Enhancing SaaS Performance: A Hands-on Workshop for Partners
Enhancing SaaS Performance: A Hands-on Workshop for PartnersEnhancing SaaS Performance: A Hands-on Workshop for Partners
Enhancing SaaS Performance: A Hands-on Workshop for PartnersThousandEyes
 
Building Products That Think- Bhaskaran Srinivasan & Ashish Gupta
Building Products That Think- Bhaskaran Srinivasan & Ashish GuptaBuilding Products That Think- Bhaskaran Srinivasan & Ashish Gupta
Building Products That Think- Bhaskaran Srinivasan & Ashish GuptaISPMAIndia
 
Power of 2024 - WITforce Odyssey.pptx.pdf
Power of 2024 - WITforce Odyssey.pptx.pdfPower of 2024 - WITforce Odyssey.pptx.pdf
Power of 2024 - WITforce Odyssey.pptx.pdfkatalinjordans1
 
zigbee motion sensor user manual NAS-PD07B2.pdf
zigbee motion sensor user manual NAS-PD07B2.pdfzigbee motion sensor user manual NAS-PD07B2.pdf
zigbee motion sensor user manual NAS-PD07B2.pdfDomotica daVinci
 
Z-Wave Fan coil Thermostat Heltun_HE-HT01_User_Manual.pdf
Z-Wave Fan coil Thermostat Heltun_HE-HT01_User_Manual.pdfZ-Wave Fan coil Thermostat Heltun_HE-HT01_User_Manual.pdf
Z-Wave Fan coil Thermostat Heltun_HE-HT01_User_Manual.pdfDomotica daVinci
 
Q1 Memory Fabric Forum: Building Fast and Secure Chips with CXL IP
Q1 Memory Fabric Forum: Building Fast and Secure Chips with CXL IPQ1 Memory Fabric Forum: Building Fast and Secure Chips with CXL IP
Q1 Memory Fabric Forum: Building Fast and Secure Chips with CXL IPMemory Fabric Forum
 
Introduction to Multimodal LLMs with LLaVA
Introduction to Multimodal LLMs with LLaVAIntroduction to Multimodal LLMs with LLaVA
Introduction to Multimodal LLMs with LLaVARobert McDermott
 
DNA LIGASE BIOTECHNOLOGY BIOLOGY STUDY OF LIFE
DNA LIGASE BIOTECHNOLOGY BIOLOGY STUDY OF LIFEDNA LIGASE BIOTECHNOLOGY BIOLOGY STUDY OF LIFE
DNA LIGASE BIOTECHNOLOGY BIOLOGY STUDY OF LIFEandreiandasan
 
Introduction to Serverless with AWS Lambda in C#.pptx
Introduction to Serverless with AWS Lambda in C#.pptxIntroduction to Serverless with AWS Lambda in C#.pptx
Introduction to Serverless with AWS Lambda in C#.pptxBrandon Minnick, MBA
 
OTel Orientation_ How to Train Teams (OTel in Practice).pdf
OTel Orientation_ How to Train Teams (OTel in Practice).pdfOTel Orientation_ How to Train Teams (OTel in Practice).pdf
OTel Orientation_ How to Train Teams (OTel in Practice).pdfPaige Cruz
 
Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...
Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...
Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...Adrian Sanabria
 
Evolution of Chatbots: From Custom AI Chatbots and AI Chatbots for Websites.pptx
Evolution of Chatbots: From Custom AI Chatbots and AI Chatbots for Websites.pptxEvolution of Chatbots: From Custom AI Chatbots and AI Chatbots for Websites.pptx
Evolution of Chatbots: From Custom AI Chatbots and AI Chatbots for Websites.pptxKyle Willson
 
21ST CENTURY LITERACY FROM TRADITIONAL TO MODERN
21ST CENTURY LITERACY FROM TRADITIONAL TO MODERN21ST CENTURY LITERACY FROM TRADITIONAL TO MODERN
21ST CENTURY LITERACY FROM TRADITIONAL TO MODERNRonnelBaroc
 

Recently uploaded (20)

Bringing nullability into existing code - dammit is not the answer.pptx
Bringing nullability into existing code - dammit is not the answer.pptxBringing nullability into existing code - dammit is not the answer.pptx
Bringing nullability into existing code - dammit is not the answer.pptx
 
Breaking Barriers & Leveraging the Latest Developments in AI Technology
Breaking Barriers & Leveraging the Latest Developments in AI TechnologyBreaking Barriers & Leveraging the Latest Developments in AI Technology
Breaking Barriers & Leveraging the Latest Developments in AI Technology
 
"Journey of Aspiration: Unveiling the Path to Becoming a Technocrat and Entre...
"Journey of Aspiration: Unveiling the Path to Becoming a Technocrat and Entre..."Journey of Aspiration: Unveiling the Path to Becoming a Technocrat and Entre...
"Journey of Aspiration: Unveiling the Path to Becoming a Technocrat and Entre...
 
"Running Open-Source LLM models on Kubernetes", Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap"Running Open-Source LLM models on Kubernetes",  Volodymyr Tsap
"Running Open-Source LLM models on Kubernetes", Volodymyr Tsap
 
AWS reInvent 2023 recaps from Chicago AWS user group
AWS reInvent 2023 recaps from Chicago AWS user groupAWS reInvent 2023 recaps from Chicago AWS user group
AWS reInvent 2023 recaps from Chicago AWS user group
 
Q1 Memory Fabric Forum: Intel Enabling Compute Express Link (CXL)
Q1 Memory Fabric Forum: Intel Enabling Compute Express Link (CXL)Q1 Memory Fabric Forum: Intel Enabling Compute Express Link (CXL)
Q1 Memory Fabric Forum: Intel Enabling Compute Express Link (CXL)
 
Manual sensor Zigbee 3.0 MOES ZSS-X-PIRL-C
Manual  sensor Zigbee 3.0 MOES ZSS-X-PIRL-CManual  sensor Zigbee 3.0 MOES ZSS-X-PIRL-C
Manual sensor Zigbee 3.0 MOES ZSS-X-PIRL-C
 
Enhancing SaaS Performance: A Hands-on Workshop for Partners
Enhancing SaaS Performance: A Hands-on Workshop for PartnersEnhancing SaaS Performance: A Hands-on Workshop for Partners
Enhancing SaaS Performance: A Hands-on Workshop for Partners
 
Building Products That Think- Bhaskaran Srinivasan & Ashish Gupta
Building Products That Think- Bhaskaran Srinivasan & Ashish GuptaBuilding Products That Think- Bhaskaran Srinivasan & Ashish Gupta
Building Products That Think- Bhaskaran Srinivasan & Ashish Gupta
 
Power of 2024 - WITforce Odyssey.pptx.pdf
Power of 2024 - WITforce Odyssey.pptx.pdfPower of 2024 - WITforce Odyssey.pptx.pdf
Power of 2024 - WITforce Odyssey.pptx.pdf
 
zigbee motion sensor user manual NAS-PD07B2.pdf
zigbee motion sensor user manual NAS-PD07B2.pdfzigbee motion sensor user manual NAS-PD07B2.pdf
zigbee motion sensor user manual NAS-PD07B2.pdf
 
Z-Wave Fan coil Thermostat Heltun_HE-HT01_User_Manual.pdf
Z-Wave Fan coil Thermostat Heltun_HE-HT01_User_Manual.pdfZ-Wave Fan coil Thermostat Heltun_HE-HT01_User_Manual.pdf
Z-Wave Fan coil Thermostat Heltun_HE-HT01_User_Manual.pdf
 
Q1 Memory Fabric Forum: Building Fast and Secure Chips with CXL IP
Q1 Memory Fabric Forum: Building Fast and Secure Chips with CXL IPQ1 Memory Fabric Forum: Building Fast and Secure Chips with CXL IP
Q1 Memory Fabric Forum: Building Fast and Secure Chips with CXL IP
 
Introduction to Multimodal LLMs with LLaVA
Introduction to Multimodal LLMs with LLaVAIntroduction to Multimodal LLMs with LLaVA
Introduction to Multimodal LLMs with LLaVA
 
DNA LIGASE BIOTECHNOLOGY BIOLOGY STUDY OF LIFE
DNA LIGASE BIOTECHNOLOGY BIOLOGY STUDY OF LIFEDNA LIGASE BIOTECHNOLOGY BIOLOGY STUDY OF LIFE
DNA LIGASE BIOTECHNOLOGY BIOLOGY STUDY OF LIFE
 
Introduction to Serverless with AWS Lambda in C#.pptx
Introduction to Serverless with AWS Lambda in C#.pptxIntroduction to Serverless with AWS Lambda in C#.pptx
Introduction to Serverless with AWS Lambda in C#.pptx
 
OTel Orientation_ How to Train Teams (OTel in Practice).pdf
OTel Orientation_ How to Train Teams (OTel in Practice).pdfOTel Orientation_ How to Train Teams (OTel in Practice).pdf
OTel Orientation_ How to Train Teams (OTel in Practice).pdf
 
Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...
Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...
Early Tech Adoption: Foolish or Pragmatic? - 17th ISACA South Florida WOW Con...
 
Evolution of Chatbots: From Custom AI Chatbots and AI Chatbots for Websites.pptx
Evolution of Chatbots: From Custom AI Chatbots and AI Chatbots for Websites.pptxEvolution of Chatbots: From Custom AI Chatbots and AI Chatbots for Websites.pptx
Evolution of Chatbots: From Custom AI Chatbots and AI Chatbots for Websites.pptx
 
21ST CENTURY LITERACY FROM TRADITIONAL TO MODERN
21ST CENTURY LITERACY FROM TRADITIONAL TO MODERN21ST CENTURY LITERACY FROM TRADITIONAL TO MODERN
21ST CENTURY LITERACY FROM TRADITIONAL TO MODERN
 

Automation In Android & iOS Application Review

  • 1. Automation In Android & iOS Application Review
  • 2. Who Am I? • Hemil Shah – hemil@blueinfy.net • Past experience – HBO, KPMG, IL&FS, Net Square • Interest – Application security research (Web & Mobile) • Published research – Articles / Papers – Packstroem, etc. – Tools – wsScanner, scanweb2.0, AppMap, AppCodeScan, AppPrint etc. hemil@blueinfy.net http://www.blueinfy.com hemil@blueinfy.net http://www.blueinfy.com
  • 5. Frequency of updates • Very High compare to Web Applications • Usually, 4-5 updates in a year for web applications or even less at times • Usually, 10-12 updates in mobile applications or even more in some cases • We all have accepted that application needs to be reviewed before going to production – DID WE???
  • 6. Frequency of Updates Application Name   Number of Releases in iOS Number of Releases in Android Facebook 19 34 Twitter 22 25 Chase Bank 9 2 eBay 9 4 Amazon 10 3 Temple Run 2 12 10 FB Messenger 12 10 Whatsapp 4 154 skype 8 6
  • 7. Mobile Attacks • So What attacks are we talking about? • Privacy becomes important along with the Security in mobile space • It is MOBILE so chances of loosing device or someone getting physical access to it is MUCH MUCH higher than the other devices
  • 8. Mobile Top 10 - OWASP • Insecure Data Storage • Weak Server Side Controls • Insufficient Transport Layer Protection • Client Side Injection • Poor Authorization and Authentication • Improper Session Handling • Security Decisions Via Untrusted Inputs • Side Channel Data Leakage • Broken Cryptography • Sensitive Information Disclosure
  • 10. Banking Application • Scanning application for vulnerabilities • Typical banking running with middleware • Vulnerabilities – Mobile interface – Poor encoding to store SSN and PII  information locally – Very sensitive transaction information  stored locally – Profile manipulation (Logical and Hidden values) – Authentication submitted in GET request
  • 11. E-commerce application Case • Typical application making server side calls • Server side scan with tools/products failedfailed • Security issues and hacks – Storage issues with PII information – SQLite hacks – SQL injection over XML – Ajax driven XSS – Several XSS with Blog component – Several information leaks through JSON fuzzing – CSRF on both XML and JSON
  • 12. Large Telecom Application • Large Telecom company – Source code review was done – Application is distributed running in browser, PDA and Mobile phones – Payment system was involved – Vulnerable • Keys/session stored in keychain file • Screenshot revealing sensitive information  • Default OS Behavior leaking information • Presentation layer (XSS and CSRF)
  • 13. Postmortem • One pattern in all the reviews are SOME  INFORMATION WAS STORED  LOCALLY • More than 99% of the application review has the LOCAL STORAGE issue • Fair to say LOCAL STORAGE has been the biggest issue on the Mobile front
  • 14. Local Storage • Why application needs to store data – Ease of use for the user – Popularity – Competition – Activity with single click – Decrease Transaction time – Post/Get information to/from Social Sites
  • 15. Local Storage • How does attacker can gain access – Either in same Wifi – Default password after jail breaking (alpine) – ADB over wifi/3G/4G – Physical Theft – Temporary access to device
  • 16. Local Storage • What information we usually find – Authentication Credentials – Authorization tokens – Financial Statements – Credit card numbers – Owner’s Information – Physical Address, Name, Phone number – Social Engineering Sites profile/habbits – All the request/response to the server including login request
  • 17. Type of Media • XML File • Text File • Database File (db file) • Images • WebView Control or cache files • Logs
  • 18. Android – Local Storage
  • 19. Type of Storage supported • Android OS supports three type of storage – Internal Storage – As part of the application directory, typically under /data/data/PACKAGENAME directory – External Storage – Storage in any external storage i.e. SDCard – Storage in Shared preferences – Storage under shared_prefs directory, Information CAN be accessed by other applications if ALLOWED
  • 20. How to test • Very hard to test – REALLY??? • Very time consuming as one needs to go through each file under all directory of the application • At times, one need to review files more than once to actually find out what has been stored before login, after login and after logoff
  • 21. Demo - How to test
  • 22. Manual Review • Looking for information in local storage manually is really – – Time Consuming – Tedious – Prone to be false negatives (how accurately you can check files more than once in an hour and file formats are different)
  • 23. Automation • Can we automate it? • Is it possible to know what files/directories my application have accessed when I open it or performed any particular functionality??? • Can I monitor file system as I can do it on windows box or one can monitor network traffic???
  • 24. FSDroid • Leverages SDK Class – No hacks in here!!! • FSDroid can – – Monitor file system – Can write filter to monitor particular directory – Can save last 5 reports for future use – Does not need mobile device – can run on Emulator smoothly – Easy to run (As easy as giving directory name and pressing start button)
  • 27. System Information Detail Location Applications /data/data/(package name) Etc /system/etc/ Provisioning Profile /system/etc/security/cacerts.bks Wifi Settings /system/etc/wifi GPS configuration file /system/etc/gps.conf /system/etc/gpsconfig.xml Host file (DNS entries) /system/etc/hosts Device information, Firmware Information, Manufacturer information /system/build.prop Framework files /system/framework Bin directory /system/bin Apk files of installed applications /system/app Tmp /private/var/tmp
  • 28. Application Information Detail Location Address Book / data/data/com.android.providers.contacts/databases/contacts 2.db User Dictionary / data/data/com.android.providers.userdictionary/databases/user _dict.db Google Map History Information / data/data/com.google.android.apps.maps/databases/search_his tory.db Calendar /data/data/com.android.providers.calendar/databases Photos /sdcard/dcim/Camera
  • 29. Default Services Information Detail Location SMS (Odd number is for Outgoing calls, Even number is for Incoming calls) / data/data/com.android.providers.telephony/databases/mmssms.d b System provided applications, ringtons and wallpapers /system/media
  • 30. User Installed Application Detail Location Application permissions, Certificate, Package Name /data/system.packages.xml Installed Applications /data/data/ Application Directory /data/data/(package name) Applications documents i.e. images, PDF, text files /data/data/(package name)/files Application Preferences /data/data/(package name)/shared_prefs Application temporary storage /data/data/(package name)/files
  • 31. Browser information Detail Location Browser Cookie /data/data/com.android.browser/webview.db Browser favorites (Book marks) /data/data/com.android.browser/browser.db Browser History /data/data/com.android.browser/history.db Browser Settings /data/data/com.android.browser/shared_prefs Browser Cache /data/data/com.android.browser/app_databases
  • 32. iOS – Local Storage
  • 33. Type of Storage supported • iOS supports two types of storage – Internal Storage – As part of the application directory, typically under / “/private/var/mobile/Applications/<GUID>" directory – Information can be in PLIST file, binary cookie file or cached – Keychain file – an encrypted file shared between all the applications but have permission model like /etc/shadow
  • 34. How to test • Nothing new than android • Go through each file and directory multiple times. • Can this be easy???
  • 35. Demo – Manual Testing
  • 36. Automation with iAppliScan • Can we automate it? - YES • Using iAppliScan • Requires JailBroken Device and SSH access to it
  • 37. Demo – Sensitive Information
  • 38. Demo – Does file exist
  • 39. Demo – Download file for further analysis
  • 40. Demo – Run External Binaries
  • 41. Demo – Complete automation
  • 42. Where To Get Tools http://blueinfy.com/ •FSDroid •iAppliScan •Other Available Tools – DumpDroid – CheckDebugable – AppCodeScan Mobile Rules
  • 43. iOS – Interesting Locations
  • 44. System Information Detail Location Applications /var/stash/Applications Etc /private/etc Var /private/var User /var/mobile Provisioning Profile /var/mobileDevice/ProvisioningProfiles Logs /var/log, /var/logs /var/mobile/Library/Logs Network Settings / var/preferences/SystemConfiguration/com.apple.network.identif ication.plist Wifi Settings /var/preferences/SystemConfiguration/com.apple.wifi.plist /var/preferences/SystemConfiguration/preferences.plist Apple ID, Owner information and Firmware Information /root/Library/Lockdown/data_ark.plist Keychain /var/Keychains KeyBoard Cache /User/Library/Keyboard/dynamic-text.dat Tmp /private/var/tmp
  • 45. Application Information Detail Location Address Book /var/mobile/Library/AddressBook/AddressBook.sqlitedb /var/mobile/Library/AddressBook/ AddressBookImages.sqlitedb Last searched Google maps /var/mobile/Library/Caches/MapTiles/MapTiles.sqlitedb Google Map History Information /var/mobile/Library/Maps/History.plist /var/mobile/Library/Maps/Directions.plist Calendar /var/mobile/Library/Calendar/Calendar.sqlitedb Data under notes application /var/mobile/Library/Notes/notes.sqlite Configuration file for Applications /var/mobile/Library/Preferences Photos /var/mobile/Media/DCIM/ Application Pictures when HOME button is pressed (Each application has its own directory - Default applications) /User/Library/Caches/Snapshots
  • 46. Default Services Information Detail Location Call History (Odd number is for Outgoing calls, Even number is for Incoming calls) /var/mobile/Library/Callhistory/call_history.db SMS (Odd number is for Outgoing calls, Even number is for Incoming calls) /var/mobile/Library/SMS/sms.db Voicemail /var/mobile/Library/Voicemail/voicemail.db Voice mail recording /var/mobile/Library/Voicemail/ System provided applications, ringtons and wallpapers /var/stash Call History /var/wireless/Library/CallHistory Call Log /var/wireless/Library/logs Call Preferences /var/wireless/Library/Preferences
  • 47. User Installed Application Detail Location Installed Applications /User/Applications or /private/var/mobile/Applications Application Directory (Binary, supporting files /User/Applications/<app GUID>/<appname.app> or /private/var/mobile/Applications/<app GUID>/<appname.app> Applications documents i.e. images, PDF, text files /User/Applications/<app GUID>/Documents Application cookies /User/Applications/<app GUID>/Library/Cookies/Cookies.binarycookies Application Preferences (plist files) /User/Applications/<app GUID>/Library/Preferences Application temporary storage /User/Applications/<app GUID>/tmp Application crash report /User/Library/Logs/CrashReporter Application Screens when pressed HOME button /User/Applications/<app GUID>/Library/Caches/Snapshots
  • 48. Browser information Detail Location Browser Cookie /var/mobile/Library/Cookies/Cookies.binarycookies Browser favorites (Book marks) /var/mobile/Library/Safari/Bookmarks.db Browser History /var/mobile/Library/Safari/History.plist Browser Settings /var/mobile/Library/Preferences/com.apple.mobilesafari.plist Browser Cache /User/Library/Caches/com.apple.WebAppCache/ApplicationCache.db