Mobile Device Security: Why Should You Care?
Paul T. Ammann
Mobile device security isn’t a problem that you can just wish away. Employees will do things they shouldn’t, such as pick up malware from a free app they just downloaded to their Android. That leaves you, the IT professional with corporate responsibilities, accountable for preventing security breaches where possible and remedying a breach after it happens. In his article, Paul helps you understand the threat posed by unsecured mobile devices and explores the tools available to help secure them. You will discover what the impact of smart devices in the enterprise means for maintaining data integrity, network utilization, user productivity, secure communication, device manageability, and compliance capabilities.
An Introduction to Code Mobility and its Security Concerns
Code mobility can be expressed as the capability of executing code at different locations; systems that support code mobility are often called Mobile Code Systems (MCS). Mobility is important because it is usually simpler and cheaper to move a piece of code than a whole set of data. In his article, Luca presents the main types of code mobility and how different approaches can be exploited in several applications. The Mobile Agent approach is the one that better reflects the real-world scenario and therefore is the one that should be investigated more. On one hand, this approach is also the most dangerous to adopt, since code and (part of) data are migrating across the network and therefore traversing possibly untrusted systems. On the other hand, the systems that host the agents are exposed to risks too, having to execute possibly malicious data.
MOBILE PENETRATION TESTING STANDARDS & PRACTICES
Richard C. Batka
Richard, in his article, talks about what makes a good testing environment, tools commonly used by expert penetration testers, and major areas of a well-rounded testing environment. Lastly, the article touches upon some excellent programs currently available that offer important resources you should consider evaluating: OWASP and DARPA’s CFT program.
Mobile Security – Surfing the paradox?
Mobile computing, and particularly smartphones, is a very different beast from the generation of big iron that laid the foundation for modern IT practices. It is quite ironic that we have come full circle from the days of time-sharing on mainframes to sharing resources in the cloud, and in the process relinquishing a vital degree of control over our most important asset – information. Rob shows you that the portability and accessibility of mobile devices pose a larger security risk than the humble PC or indeed the laptop. This is the basis of the paradox – how can a device that is so small, open, technically innovative, tactile, easy to use and readily available – retain cultural and mass-market appeal while at the same time remaining secure? This is the challenge not just from a software or hardware perspective but also from a cultural one.
Gaining Trust and Cardholder Data: Pen-testing Techniques for Accessing Data with the Use of Smart Phones
Small businesses, in an effort to make selling products more convenient for customers, have started to use alternative methods for taking payments. One of these methods is the use of a small dongle attached to an iPhone or Android device that allows credit cards to be swiped and authorized. Michael claims that these devices allow small businesses to bring in additional revenue, but present a number of security issues with the protection of cardholder data.
SERVER’S DATA BREACH: A FORENSICS INVESTIGATION
Filippo Novario, PhD
In his article, Filippo presents the problem of a server’s data breach, in particular the forensics investigation after the illegal act. After an introduction to the concept of a data breach, the paper establishes the essential digital elements of forensics analysis. A concrete case of a forensics investigation of a server’s data breach helps in understanding the problems and the informatics law and forensics solutions: data acquisition, log file analysis, technical analysis for malware and digital code.
Mobile forensics is a rising field, since nowadays most people use smartphones for both personal and corporate purposes. These devices can handle different kinds of information such as emails, browsing history, chat conversations, images, and much more. Often, mobile forensics focuses on the operating system and built-in applications, because they exist on every device. However, knowledge about other applications can also be useful in order to acquire forensic information. Jose, in his article, describes how WhatsApp works and how you obtain forensic information from it. Check it out, it shall become more powerful than you could possibly imagine.
The Secret of Passwords
What is the secret to cracking passwords? We are moving into an age in which our personal computers are becoming insanely fast and cloud computing is the craze. What metrics can we identify in a password that will help us limit the cracking time from a few years to a few hours? Joshua, in his article, will dive head first into the breakdown of different techniques to crack a password and some specialized research into using those methods most effectively.
Special thanks to Joshua for sharing his scripts. Now you can not only read this article but also use it.
HONEYPOTS PART 2
Choosing the right Honeypot solution for your network is very important. Honeypots are an administrator’s best friend if tuned properly. Always choose your Honeypots according to your organizational needs. Never forget to install and properly configure monitoring tools on the honeypots. These come in handy all the time. Vatsal presents how to gather your requirements for your Honeypot, how to choose your Honeypot carefully, and the importance of maintaining your chosen Honeypot.