Testing
https://randywestergren.com/marriott-hotel-reservations-payment-information-compromised-web-service-vulnerability/
• Activity
– Screen interactions
• Login screen, payment screens, etc.
• Service
– A background operation without any user interface
• Play music, perform I/O
• Content Providers
– An interface to share data with system/external components
• Read text messages (READ_SMS permission)
• Broadcast Receivers
– A daemon process responding to system announcements
• Low battery, date changed, reboot, etc.
http://www.payatu.com/damn-insecure-and-vulnerable-app/
https://labs.mwrinfosecurity.com/tools/drozer/
SQLite Databases
• Examples
– Xamarin
– Apache Cordova (PhoneGap)
– Appcelerator Titanium
– Convertigo
https://www.securify.nl/blog/SFY20150502/exploiting_the_xamarin_android_dll_hijack_vulnerability.html
http://securityintelligence.com/apache-cordova-phonegap-vulnerability-android-banking-apps/