Security Testing Tools For IOS And Android
With the increased usage of mobile apps there is a complete range of new threats and attacks formerly not relevant in the classic web app world. Your devices could be vulnerable to a variety of attacks such as:
- Cross-Site Scripting (XSS).
- The leak of User Sensitive Data (IMEI, GPS, MAC address, email or credential) over the network.
- SQL injection.
- Phishing Scam Attacks.
- Missing Data Encryption.
- Unrestricted Upload of Dangerous File Types.
- OS Command Injection.
- Arbitrary Code Execution.
With the growth of mobile applications, delivering a highly secured app is vital to user retention. What can you do to avoid these threats? Below are some security testing tools that can help ethical hackers find flaws and secure your devices:
- android-security-awesome – A collection of android security related resources. A lot of work is happening in academia and industry on tools to perform dynamic analysis, static analysis and reverse engineering of android apps.
- SecMobi Wiki – A collection of mobile security resources which including articles, blogs, books, groups, projects, tools and conferences.
- OSX Security Awesome – A collection of OSX and iOS security resources
- Themis – High-level multi-platform cryptographic framework for protecting sensitive data: secure messaging with forward secrecy and secure data storage (AES256GCM), suits for building end-to-end encrypted applications.
- Mobile Security Wiki – A collection of mobile security resources.
- Apktool – A tool for reverse engineering Android apk files.
- jadx – Command line and GUI tools for produce Java source code from Android Dex and Apk files.
- enjarify – A tool for translating Dalvik bytecode to equivalent Java bytecode.
- Android Storage Extractor – A tool to extract local data storage of an Android application in one click.
- Quark-Engine – An Obfuscation-Neglect Android Malware Scoring System.
- dotPeek – Free-of-charge standalone tool based on ReSharper’s bundled decompiler.
- hardened_malloc – Hardened allocator designed for modern systems. It has integration into Android’s Bionic libc and can be used externally with musl and glibc as a dynamic library for use on other Linux-based platforms. It will gain more portability / integration over time.
- AMExtractor – AMExtractor can dump out the physical content of your Android device even without kernel source code.
- frida – Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.