Android Pentesting Guides
I’ve been reading a lot about Android pentesting this week, so rather than summarizing each one, here’s a list of useful reading for Android pentesting.
- Android Application Security Assessments from Symantec
- Introduction to Pentesting Android Applications from Pentura Labs
- AppSec Labs offers the AppUse Virtual Machine for Android Pentesting
Useful Lab Settings
Maybe you want to test something with an executable stack, ASLR off, or otherwise disable some security feature? This article describes settings for NX, ASLR, and SSP on Linux boxes. More details here.
OWASP Security Testing Guide
I can’t believe I didn’t know about OWASP’s security testing guide before. Though it was published a few years ago, it’s pretty much still relevant, and they’re working on a v4.0.