5. P.1.Methodology
P.1.2.MSTG
General parts
Mobile App Authentication Architectures
Testing Network Communication
Cryptography in Mobile Apps
Testing Code Quality
Tampering and Reverse Engineering
Testing User Education
https://github.com/OWASP/owasp-mstg
6. P.1.Methodology
P.1.2.MSTG
Android specific parts
Platform Overview
Android Basic Security Testing
Data Storage on Android
Android Cryptographic APIs
Local Authentication on Android
Android Network APIs
Android Platform APIs
Code Quality and Build Settings for Android Apps
Tampering and Reverse Engineering on Android
Android Anti-Reversing Defenses
7. P.1.Methodology
P.1.3.MASVS
v1 Architecture, Design and Threat Modeling Requirements
v2 Data Storage and Privacy Requirements
v3 Cryptography Requirements
v4 Authentication and Session Management Requirements
v5 Network Communication Requirements
v6 Environmental Interaction Requirements
v7 Code Quality and Build Setting Requirements
v8 Resiliency Against Reverse Engineering Requirements
https://github.com/OWASP/owasp-masvs
9. Mobile Security Framework (MobSF) is an automated, all-in-one mobile application
(Android/iOS/Windows) pen-testing, malware analysis and security assessment framework
capable of performing static and dynamic analysis.
P.2.Static testing Android-app
P.2.1.MobSF
https://github.com/MobSF/Mobile-Security-Framework-MobSF
11. AndroBugs Framework is an Android vulnerability analysis system that helps
developers or hackers to find the potential security vulnerabilities in Android
applications. No splendid GUI interface, but the most efficient (less than 2 minutes per
scan in average) and more accurate.
P.2.Static testing Android-app
P.2.2.Androbugs framework
https://github.com/AndroBugs/AndroBugs_Framework
13. QARK is an easy to use tool capable of finding common security
vulnerabilities in Android applications. Unlike commercial products,
it is 100% free to use. QARK features educational information
allowing security reviewers to locate precise, in-depth explanations
of the vulnerabilities. QARK automates the use of multiple
decompilers, leveraging their combined outputs, to produce
superior results, when decompiling APKs. Finally, the major
advantage QARK has over traditional tools, that just point you to
possible vulnerabilities, is that it can produce ADB commands, or
even fully functional APKs, that turn hypothetical vulnerabilities into
working "POC" exploits.
P.2.Static testing Android-app
P.2.3.QARK
https://github.com/linkedin/qark
15. VCG is an automated code security review tool for C++, C#,
VB, PHP, Java and PL/SQL which is intended to drastically
speed up the code review process by identifying
bad/insecure code.
P.2.Static testing Android-app
P.2.4.VCG scanner
https://sourceforge.net/projects/visualcodegrepp/
20. Inspeckage - Android Package Inspector
Inspeckage is a tool developed to offer dynamic analysis of Android applications. By applying hooks to
functions of the Android API, Inspeckage will help you understand what an Android application is doing at
runtime.
● Shared Preferences
● Serialization
● Crypto
● Hash
● SQLite
● HTTP
● FileSystems
● IPC
https://github.com/ac-pm/Inspeckage
https://habr.com/ru/post/432820/
P.3.Dynamic testing Android-app
P.3.2.Inspeckage
22. Logcat is a command-line tool that dumps a log of system
messages, including stack traces when the device throws an
error and messages that you have written from your app with
the Log class.
P.3.Dynamic testing Android-app
P.3.3.LogCat
https://developer.android.com/studio/command-line/logcat
https://habr.com/ru/post/432820/
25. P.3.Dynamic testing Android-app
P.3.4.MobSF
Run a Genymotion Android VM before starting MobSF. Everything will be configured automatically at runtime.
MobSF requires Genymotion Android x86 VMs version 4.1 to 9.0 for dynamic analysis. We recommend using
Android 7.0 and above.
HTTPS Proxy
● For Android versions 4.4 - 9.0, global proxy settings are automatically applied at runtime.
● For Android version 4.1 - 4.3, set Android VM proxy as displayed in Dynamic Analysis page.
27. Drozer (formerly Mercury) is the leading security testing framework for
Android.
Drozer allows you to search for security vulnerabilities in apps and devices by
assuming the role of an app and interacting with the Dalvik VM, other apps'
IPC endpoints and the underlying OS.
Drozer provides tools to help you use, share and understand public Android
exploits. It helps you to deploy a drozer Agent to a device through exploitation
or social engineering. Using weasel (MWR's advanced exploitation payload)
drozer is able to maximise the permissions available to it by installing a full
agent, injecting a limited agent into a running process, or connecting a
reverse shell to act as a Remote Access Tool (RAT).
P.3.Dynamic testing Android-app
P.3.5.Drozer
https://github.com/mwrlabs/drozer
https://habr.com/ru/post/352252/