Android Client-Side Attacks and Tests


Android Client-Side Attacks and Tests
CATEGORYTEST NAME
Information Gathering
Reverse Engineering the Application Code
Testing for Common Libraries and Fingerprinting
Enumeration of Application Known Controllers
Information Disclosure by Logcat
Application Local Storage Flaws
Hidden Secrets in the Code
Storing Sensitive Data on Shared Storage (exposed to all applications without any restrictions)
Cryptographic Based Storage Strength
Content Providers Access Permissions
Content Providers SQL Injection
Privacy and Metadata Leaks
IPC Security
User Propriety Data in Logcat
Technical Valuable Data in Logcat
Exposed Components and Cross Application Authorization
Permissions & Digital Signature Data Sharing Issues
Clipboard Separation
Public Intents and Unauthenticated Data Sources
Privacy Breaches
Public Intents and Authorization Flaws
Code Puzzling and Abusing Application State
Race Conditions, Deadlocks and Concurrency Threats
In Device Denial of Service attacks
Exposing Device Specific Identifiers in Attacker Visible Elements
Exposure of Private User Data to Attacker Visible Components
Tracking Application Installations in Insecure Means
UI Security
Tap Jacking
Client Side based Authorization Decisions
Business Logic TestingBypassing business logic
Execution of Untrusted Code
WebView Security
Exposing External Java Interfaces in WebViews DOM
JavaScript Execution Risks at WebViews
Code Signing
Loading Dynamic DEX onto Dalvik
Abusing Dynamic Code Execution Decisions
Stack Based Buffer Overflows
Heap Based Buffer Overflows
Object Lifetime Vulnerabilities (Use-after-free, double free’s)
Format Strings Vulnerabilities
NDK Exposed Code Secrets
Integer Overflows
Integer Underflows
Transport Layer Security
Insecure Transport Layer Protocols
TLS Authenticity Flaws
TLS Weak Encryption
Bypassing TLS Certificate Pinning
TLS Known Issues – CRIME, BREACH, BEAST, Lucky13, RC4, etc…
Disable certificate validation
Authentication Flaws
Using Insecure Authentication Vectors (IMEI, MAC, etc..)
Cross Application Authentication
Local Authentication Bypass Threats
Client Side Based Authentication Flaws
Client Side Authorization Breaches
Android Sandbox Security
Shared User Resources
Excessive Permissions
Disclosure of Privileged Data to Public Resources

Comments

Post a Comment

Popular posts from this blog

Source Code Review

Image
Introduction Source Code review is a process which discovers hidden vulnerabilities, design flaws, and verifies if key security controls are implemented. Code review helps developers learn the code base, as well as help them learn new technologies and techniques that grow their skill sets. In source code review we are using a combination of scanning tools and manual review to detect insecure coding practices, backdoor, injection flaws, cross site scripting errors, insecure handling of resources, weak cryptography etc. Many claims that this process is time consuming and too costly, but there is no doubt that this process is the fastest and most accurate way to find and diagnose many problems, mostly your code is the base from hackers are taking advantage. There are dozens of security problems that simply can’t be found any other way. A source code review is also the best way to detect intentional or accidental backdoors and logic bombs in applications that you acquire from thi...
Read more

Cyber Security and DFIR Interview Questions

Cyber Security is an exotic field, and every next person wants to explore this domain and make a career in it, but the problem is they have no idea how to get in and even if they do, They don't have any idea on what type of questions they might face in an interview. Recently  @Miss_Malware  asked for everyone's favorites security analyst and DFIR interview question that gave me an idea to compile a list of questions which are asked in every interview one way or another. What follows is a list of questions which you may face in an interview. Note: All These questions have compiled with the help of @Miss_Malware's twitter thread, contribution from friends and very intelligent internet searches :P, All the relevant sources (Read those I remember) have been mentioned at end of the post. GENERAL What is DNS? Differentiate between TCP and UDP? How does HTTP handle state? Does TLS use symmetric or asymmetric encryption? What is "Risk"? What is "Risk...
Read more