
iOS Application Security: Attack and Defense (Reprint Edition)


Price: ¥59.00

Author: Zdziarski, J. (USA)
Publisher: Southeast University Press
Tags: Information Security



ISBN: 9787564134464 Publication date: 2012-06-01 Binding: Paperback
Format: 16mo Pages: 336

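Synopsis

  If you are an application developer with a solid foundation in Objective-C, this book, iOS Application Security: Attack and Defense (Reprint Edition), is exactly what you need: there is a high chance that your company's iOS applications will be attacked. That is because malicious attackers now use an array of tools to reverse-engineer, trace, and manipulate applications in ways that most programmers would never imagine. This book explains several kinds of iOS attacks, along with the tools and techniques that hackers commonly use. You will learn the best ways to protect your applications, and come to appreciate how important it is to understand and strategize the way your adversary does. The book is written by Zdziarski, J.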


Table of Contents

Preface

1. Everything You Know Is Wrong
The Myth of a Monoculture; The iOS Security Model; Components of the iOS Security Model; Storing the Key with the Lock; Passcodes Equate to Weak Security; Forensic Data Trumps Encryption; External Data Is at Risk, Too; Hijacking Traffic; Data Can Be Stolen...Quickly; Trust No One, Not Even Your Application; Physical Access Is Optional; Summary

Part Ⅰ. Hacking

2. The Basics of Compromising iOS
Why It's Important to Learn How to Break Into a Device; Jailbreaking Explained; Developer Tools; End User Jailbreaks; Jailbreaking an iPhone; DFU Mode; Tethered Versus Untethered; Compromising Devices and Injecting Code; Building Custom Code; Analyzing Your Binary; Testing Your Binary; Daemonizing Code; Deploying Malicious Code with a Tar Archive; Deploying Malicious Code with a RAM Disk; Exercises; Summary

3. Stealing the Filesystem
Full Disk Encryption; Solid State NAND; Disk Encryption; Where iOS Disk Encryption Has Failed You; Copying the Live Filesystem; The DataTheft Payload; Customizing launchd; Preparing the RAM disk; Imaging the Filesystem; Copying the Raw Filesystem; The RawTheft Payload; Customizing launchd; Preparing the RAM disk; Imaging the Filesystem; Exercises; The Role of Social Engineering; Disabled Device Decoy; Deactivated Device Decoy; Malware Enabled Decoy; Password Engineering Application; Summary

4. Forensic Trace and Data Leakage
Extracting Image Geotags; Consolidated GPS Cache; SQLite Databases; Connecting to a Database; SQLite Built-in Commands; Issuing SQL Queries; Important Database Files; Address Book Contacts; Address Book Images; Google Maps Data; Calendar Events; Call History; Email Database; Notes; Photo Metadata; SMS Messages; Safari Bookmarks; SMS Spotlight Cache; Safari Web Caches; Web Application Cache; WebKit Storage; Voicemail; Reverse Engineering Remnant Database Fields; SMS Drafts; Property Lists; Important Property List Files; Other Important Files; Summary

5. Defeating Encryption
Sogeti's Data Protection Tools; Installing Data Protection Tools; Building the Brute Forcer; Building Needed Python Libraries; Extracting Encryption Keys; The KeyTheft Payload; Customizing Launchd; Preparing the RAM disk; Preparing the Kernel; Executing the Brute Force; Decrypting the Keychain; Decrypting Raw Disk; Decrypting iTunes Backups; Defeating Encryption Through Spyware; The SpyTheft Payload; Daemonizing spyd; Customizing Launchd; Preparing the RAM disk; Executing the Payload; Exercises; Summary

6. Unobliterating Files
Scraping the HFS Journal; Carving Empty Space; Commonly Recovered Data; Application Screenshots; Deleted Property Lists; Deleted Voicemail and Voice Recordings; Deleted Keyboard Cache; Photos and Other Personal Information; Summary

7. Manipulating the Runtime
Analyzing Binaries; The Mach-O Format; Introduction to class-dump-z; Symbol Tables; Encrypted Binaries; Calculating Offsets; Dumping Memory; Copy Decrypted Code Back to the File; Resetting the cryptid; Abusing the Runtime with Cycript; Installing Cycript; Using Cycript; Breaking Simple Locks; Replacing Methods; Trawling for Data; Logging Data; More Serious Implications; Exercises; SpringBoard Animations; Call Tapping...Kind Of; Making Screen Shots; Summary

8. Abusing the Runtime Library
Breaking Objective-C Down; Instance Variables; Methods; Method Cache; Disassembling and Debugging; Eavesdropping; The Underlying Objective-C Framework; Interfacing with Objective-C; Malicious Code Injection; The CodeTheft Payload; Injection Using a Debugger; Injection Using Dynamic Linker Attack; Full Device Infection; Summary

9. Hijacking Traffic
APN Hijacking; Payload Delivery; Removal; Simple Proxy Setup; Attacking SSL; SSLStrip; Paros proxy; Browser Warnings; Attacking Application-Level SSL Validation; The SSLTheft Payload; Hijacking Foundation HTTP Classes; The POSTTheft Payload; Analyzing Data; Driftnet; Building; Running; Exercises; Summary

Part Ⅱ. Securing

10. Implementing Encryption
Password Strength; Beware Random Password Generators; Introduction to Common Crypto; Stateless Operations; Stateful Encryption; Master Key Encryption; Geo-Encryption; Geo-Encryption with Passphrase; Split Server-Side Keys; Securing Memory; Wiping Memory; Public Key Cryptography; Exercises

11. Counter Forensics
Secure File Wiping; DOD 5220.22-M Wiping; Objective-C; Wiping SQLite Records; Keyboard Cache; Randomizing PIN Digits; Application Screenshots

12. Securing the Runtime
Tamper Response; Wipe User Data; Disable Network Access; Report Home; Enable Logging; False Contacts and Kill Switches; Process Trace Checking; Blocking Debuggers; Runtime Class Integrity Checks; Validating Address Space; Inline Functions; Complicating Disassembly; Optimization Flags; Stripping; They're Fun! They Roll! -funroll-loops; Exercises

13. Jailbreak Detection
Sandbox Integrity Check; Filesystem Tests; Existence of Jailbreak Files; Size of /etc/fstab; Evidence of Symbolic Linking; Page Execution Check

14. Next Steps
Thinking Like an Attacker; Other Reverse Engineering Tools; Security Versus Code Management; A Flexible Approach to Security; Other Great Books
