SANS Penetration Testing: Category - Mobile

What's the Deal with Mobile Device Passcodes and Biometrics? (Part 2 of 2)

By Lee Neely In the first installment of this 2-parter, I discussed the use of mobile device fingerprint scanners to unlock the device. As a follow-up, I'd like to discuss how a developer can integrate the scanner into their applications. This discussion may provide some insights into how to secure mobile apps, or even inspire … Continue reading What's the Deal with Mobile Device Passcodes and Biometrics? (Part 2 of 2)


What's the Deal with Mobile Device Passcodes and Biometrics? (Part 1 of 2)

By Lee Neely Introduction Mobile device administrators and end users need to be more cognizant of the risks of allowing unauthorized access to their smartphones and take steps to raise the bar on accessing those devices to mitigate those risks. This is part one of two articles on securing mobile device access. In this article, … Continue reading What's the Deal with Mobile Device Passcodes and Biometrics? (Part 1 of 2)


Modifying Android Apps: A SEC575 Hands-on Exercise, Part 2

By Joshua Wright Introduction In the last installment of this article, we looked at the IsItDown application, and how it is designed not to run in the Android Emulator, and to include a super-annoying banner ad. We showed how the Apktool utility can be used to decompile an Android APK file, and how we can … Continue reading Modifying Android Apps: A SEC575 Hands-on Exercise, Part 2


Modifying Android Apps: A SEC575 Hands-on Exercise, Part 1

By Joshua Wright Introduction As a security professional, I'm called on to evaluate the security of Android applications on a regular basis. This evaluation process usually takes on one of two forms: Evaluate app security from an end-user perspective Evaluate app security from a publisher perspective While there is a lot of overlap between the … Continue reading Modifying Android Apps: A SEC575 Hands-on Exercise, Part 1


How Pen Testers Can Deal with Changes to Android SD Card Permissions

By Lee Neely & Chris Crowley Recent updates to the Android OS have changed the permission model for external storage, and these changes will likely impact the way pen testers assess the actions and corresponding risks associated with applications, both malicious and benign, particularly when analyzing how they interact with external storage. Consider this scenario: … Continue reading How Pen Testers Can Deal with Changes to Android SD Card Permissions