This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Mobile Security Project - Android/References"
From OWASP
Dinis.cruz (talk | contribs) |
Dinis.cruz (talk | contribs) |
||
| Line 16: | Line 16: | ||
===Tools=== | ===Tools=== | ||
| − | * [[OWASP O2 Platform]] can be used to review the Android Java source code (create object model of compiled java code, search source-code files, model config files) | + | * '''Android Development''' |
| − | * Commercial tools (like Fortify, IBM AppScan Source) can parse Java files (the question is "Do they have Android Specific rules") | + | ** [http://developer.android.com/sdk/index.html Android SDK] |
| + | step by step. Also it makes working with app easier because of project-like files structure and automation of some repetitive tasks like building apk, etc..." '' | ||
| + | * '''Android Security Review''' | ||
| + | ** [http://code.google.com/p/dex2jar/ Dex2Jar] :'' "...Android mobile device runs applications which have been converted into a compact Dalvik Executable (.dex) format. Dex2Jar converts .dex files to Java .class files..." '' | ||
| + | ** [http://code.google.com/p/android-apktool/ ApkTool] :'' "...It is a tool for reengineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes possible to debug smali code | ||
| + | ** [http://java.decompiler.free.fr JD] : Java Decompiler | ||
| + | ** [[OWASP O2 Platform]] can be used to review the Android Java source code (create object model of compiled java code, search source-code files, model config files) | ||
| + | ** Commercial tools (like Fortify, IBM AppScan Source) can parse Java files (the question is "Do they have Android Specific rules") | ||
Revision as of 14:59, 5 November 2010
Here are a number of references related to Android Security
Official documentation
Published Research
- Coverity SCAN 2010 Open Source Integrity Report which contains information about 88 Kernel bugs in Android:
Blog posts
- Reversing Android Apps 101 - Jack Mannino
Presentation
- Building Android Sandcastles in Android's Sandbox at BlackHat Abu Dhabi (Nov 10 - 11 2010)
Tools
- Android Development
step by step. Also it makes working with app easier because of project-like files structure and automation of some repetitive tasks like building apk, etc..."
- Android Security Review
- Dex2Jar : "...Android mobile device runs applications which have been converted into a compact Dalvik Executable (.dex) format. Dex2Jar converts .dex files to Java .class files..."
- ApkTool : "...It is a tool for reengineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes possible to debug smali code
- JD : Java Decompiler
- OWASP O2 Platform can be used to review the Android Java source code (create object model of compiled java code, search source-code files, model config files)
- Commercial tools (like Fortify, IBM AppScan Source) can parse Java files (the question is "Do they have Android Specific rules")
