Android Application Security
Android application security: security viewed from the attack surface
https://blog.csdn.net/u010651541/article/details/53142252
http://colbert337.github.io/2015/08/24/android-attack-surface/
Security Development Lifecycle
https://www.cnblogs.com/shilxfly/p/7196875.html
- Secure design
- Threat modeling
- Secure development
- Secure coding
- Security testing
- Code audit
Security Risk Assessment
Android Security Fundamentals
- java/c/cpp/vm asm
- Android framework fundamentals
- Xposed framework / plugins / hot-fix principles
- dex/odex format fundamentals / Dalvik and ART virtual machines
- IDA, GDB, JEB reverse-engineering tools
Android Permission Mechanism
https://source.android.google.cn/security/overview/kernel-security
Android Signing Mechanism
- v1 signing
- v2 signing
- Multi-channel app release
Android Hardening Principles
- Application hardening
Application hardening
http://jiagu.#/1101141392.php?dtid=1101141786&did=1101262105
https://jaq.alibaba.com/community/art/show?articleid=1127
http://www.520monkey.com/archives/1118
http://secwiki.neu.edu.cn/wiki/images/1/1e/%E8%B0%88%E8%B0%88%E7%A7%BB%E5%8A%A8%E5%BA%94%E7%94%A8%E5%8A%A0%E5%9B%BA_LBE.pdf
https://chaman.gitbooks.io/techblog/Android/apk-enchance/apk-enchance.html
Comparison of hardening solutions: https://www.niwoxuexi.com/blog/android/article/233.html
Whole-dex hardening:
https://juejin.im/entry/5a5c55426fb9a01c9f5b65ed
https://blog.csdn.net/jiangwei0910410003/article/details/48415225/
APK hardening on Android, refinement part: implementation principle of the in-memory dex loading scheme (loading dex without writing it to disk)
http://www.10tiao.com/html/465/201606/2649229971/1.html
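- so hardening
- Code and resource obfuscation mechanisms
Android Reverse Engineering
- apktool and jadx
- Xposed hook mechanism: frida/Xposed
- Unpacking: zjdroid
- native hook: Cydia Substrate
- Static reverse engineering
- Dynamic debugging of smali
- Debugging so files with IDA
Android Network Protocol Security
Android Data Security
Analysis of Important Android CVEs
Important Security Blogs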
http://blogs.#/360mobile/
http://jaq.alibaba.com/?spm=a313e.7837752.1000000.1.44ff69b1P4qoom
http://www.freebuf.com/articles/terminal
http://www.cnblogs.com/2014asm/
http://www.droidsec.cn/
https://www.anquanke.com/#
https://blog.flanker017.me/
https://security.tencent.com/index.php/blog
https://blog.csdn.net/u010651541