S.E.Reborn (@S_E_Reborn): 👩‍💻 Attacking Android. 🟢A comprehensive guide describing various methods of comprom… - Message #5973
S.E.Reborn
Copyright: @SEAdm1n

Jobs: @infosec_work

Information security. Literature for IT specialists. Pentesting, OSINT, social engineering, DevOps, administration.

Cooperation: @SEAdm1n

RKN: https://vk.cc/cN3VEF
👩‍💻 Attacking Android.

🟢 A comprehensive guide describing various methods of compromising Android devices.

• ContentProvider Management in Android Applications;
• Protecting Exported Services with Strong Permissions in Android;
• Protecting Against Directory Traversal Vulnerabilities in Android;
• Preventing Unauthorized Access to Sensitive Activities in Android;
• Avoid Storing Sensitive Information on External Storage (SD Card) Without Encryption;
• Logging Sensitive Information in Android;
• Securing Sensitive Data in Android;
• Cache;
• Do not use world readable or writeable to share files between apps;
• Do not broadcast sensitive information using an implicit intent;
• Do not allow WebView to access sensitive local resource through file scheme;
• WebView Security Concerns;
• Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below) Noncompliant Code Example;
• Enable serialization compatibility during class evolution;
• Do not deviate from the proper signatures of serialization methods;
• Exclude unsanitized user input from format strings;
• Sanitize untrusted data included in a regular expression;
• Define wrappers around native methods;
• Do not allow exceptions to expose sensitive information;
• Do not encode noncharacter data as a string;
• Do not release apps that are debuggable;
• Consider privacy concerns when using Geolocation API;
• Properly verify server certificate on SSL/TLS;
• Specify permissions when creating files via the NDK.

#Android #DevSecOps