Xin'an Second Edition: Chapter 25 mobile application security requirements analysis and security protection engineering learning notes

Two 、 The outline of this chapter requires

8. Mobile application security requirement analysis and security protection engineering

8.1 Mobile application security threat and demand analysis

● Mobile operating system security analysis ● Security analysis of mobile communication network ● Mobile application App Safety analysis

8.2 Android System security and protection mechanism ● Android System security system

●Android System security mechanism （ Process sandbox isolation mechanism 、SOLite database security 、 Application signature mechanism 、 Permission declaration mechanism 、 Network transmission encryption ）

8.3 iOS System security and protection mechanism

● i0S System security system

●iOS System security mechanism （ Safety start chain 、 Permission separation mechanism 、 Code signing mechanism 、DEP、 Address space layout randomization 、 Sandbox mechanism 、 Data encryption and protection mechanism 、 Network transmission encryption ）

8.4 Mobile application security protection mechanism and technical scheme

8.4.1 Mobile application App Safety risk

● Reverse engineering risk ● Risk of tampering ● Data theft risk

84.2 Mobile application App Safety reinforcement

● Reverse prevention 、 Anti commissioning 、 tamper-proof ● Data leakage prevention 、 Transmission data protection

8.4.3 Mobile application App Safety inspection

● Identity authentication mechanism detection

● Communication session security mechanism detection ● Sensitive information protection mechanism detection ● Log security policy detection ● Transaction process security mechanism detection ● Server authentication mechanism detection ● Access control mechanism detection ● Data tamper proof capability detection ● prevent SQL Injection capability test ● Anti fishing safety capability test ●App Security vulnerability detection

8.5 Mobile application security comprehensive application case analysis

●  Financial mobile security ●  Mobile security of operators ● Mobile office security

3、 ... and 、 List of important and easy knowledge points in this chapter

25.1 Mobile application security threat and demand analysis

1. The basic composition of mobile application system based on smart phone includes three parts : First, mobile applications , abbreviation App; The second is the communication network , Including wireless networks 、 Mobile communication network and Internet ; The third is the application server , Composed of related servers , Responsible for handling from App  Relevant information or data .