Android Mobile Application Pentesting

Williamswyohanes96@gmail.com

OWASP29 April 2018

Who Am I ?

Who Am I

Noted to all audience:Semua materi yang diberikan dalam pertemuan hanya

untuk tujuan pendidikan. Kerusakan yang terjadi pada suatu aplikasi sistem bukan merupakan tanggung jawab dari pengarang

Peace out yoo!

Android Mobile Application Security Testing

Source:

Source:

OWASP Mobile top 10 Vulnerability

Linux Kernel

Android Runtime

Native Libraries

Application framework

Application

Taken from learning pentesting for android device

Linux Kernel

Android Runtime

Native Libraries

Application framework

Application

Android Application Package

It is just a zip file

Android Application Package

Taken from: Android Security: A Survey of Issues, MalwarePenetration and Defenses

Android Application Package

Taken from: Android Security: A Survey of Issues, MalwarePenetration and Defenses

Android Application Package

Taken from: Android Security: A Survey of Issues, MalwarePenetration and Defenses

Taken from fileinfo.com

OWASP Mobile top 10 Vulnerability

OWASP Mobile top 10 Vulnerability

First step into android mobile application penetration testing is to try reverse engineer the application because once u get the code u already do half of the works

With APKTOOLS

With Dex2jar

With jdx-core

With jdx-core

Where to get Free apk other than play store?

Taken from APKpure.com

Improper Platform Usage

Improper Platform Usage

Improper Platform Usage

A Good Tools that every android pentester must have

Taken from mac afee blog. All right reserved to the author

Target:

Improper Platform Usage

Improper Platform Usage

Improper Platform Usage

~# adb shell am start -n com.xllusion.quicknote/.EditNote -e android.intent.extra.SUBJECT dumbass -e android.intent.extra.TEXT dumbass

Package name and the activity

Put the first string Put the second string

Improper Platform Usage

OWASP Mobile top 10 Vulnerability

Insecure Data Storage

Target:

Insecure Data Storage

Insecure Data Storage

Insecure Data Storage

Insecure Data Storage

Insecure Data Storage

OWASP Mobile top 10 Vulnerability

Insecure Communication

What do you need ?

Insecure Communication

Insecure Communication

Insecure Communication

Insecure Communication

Insecure Communication

Insecure Communication

Insecure Communication

Thank You

Slide 1Slide 2Slide 3Slide 4Slide 5Slide 6Slide 7Slide 8Slide 9Slide 10Slide 11Slide 12Slide 13Slide 14Slide 15Slide 16Slide 17Slide 18Slide 19Slide 20Slide 21Slide 22Slide 23Slide 24Slide 25Slide 26Slide 27Slide 28Slide 29Slide 30Slide 31Slide 32Slide 33Slide 34Slide 35Slide 36Slide 37Slide 38Slide 39Slide 40Slide 41Slide 42Slide 43Slide 44Slide 45Slide 46Slide 47Slide 48Slide 49Slide 50