In the last couple of years, I’ve been increasingly working on penetration testing mobile applications. Not only is it a combination of reverse engineering (static analysis) and active packet/request mangling, but mobile applications bring with them a whole arsenal of new attack vectors (I plan to cover these in a series of diaries since I held a presentation about that last week at SANSFIRE – we’ll post the handler presentations on the web site soon too, and I also attended the SEC575: Mobile Device Security and Ethical Hacking course with the fantastic Chris Crowley, one of the best SANS instructors for sure).

With Android and iOS being the two main mobile platforms today, it’s logical that most of the mobile penetration tests are concerned with them as well. Here and there I see Windows mobile, but since even Microsoft is giving up hope on this platform it appears that we can safely decide to cover Android and iOS only.

Android being more open, I prefer to do penetration testing on Android applications. Typically, when an organization creates applications for several mobile platforms, they use the same server infrastructure (i.e. This is logical – it would not make sense to have multiple server infrastructures that basically perform the same activities for all platforms. My process is to do the test on the Android application and then verify findings on the iOS app – if it uses the same server side infrastructure and if it handles local information correctly (and the same as on Android).

On Android, many developers use ProGuard.