As we recount in more detail in Chapter 1, this book is designed to explore the most important components of the mobile risk ecosystem, from the various perspectives noted earlier (mobile app developers, corporate IT staff, IT consultants, technology managers and leaders, and end-users). Based on this list of players, and on our own experiences with mobile security through hands-on research over the last several years, we’ll cover topics including the following:

| Chapter | Topic | Description |
| --- | --- | --- |
| 1 | The Mobile Risk Ecosystem | Mobile malware, BYOD, lions, tigers, and bears, oh my! Where to start with mobile security? We’ll try to untangle the lies and videotape with a broad overview of key mobile stakeholders, assets, risks, and trends. |
| 2 | Cellular network | As with physical attacks, if you connect to a malicious cellular network, it’s not your mobile device anymore. |
| 3 | iOS | Is Apple’s walled-garden business strategy also a reliable security architecture? |
| 4 | Android | Can even the mighty technical and financial resources of Google overcome the wild frontier of the current Android ecosystem? |
| 5 | Mobile malware | It’s a rapidly evolving jungle out there. What defensive strategies can you learn from the tools and techniques used across the spectrum from simple to sophisticated mobile malware? |
| 6 | Mobile services and mobile web | Don’t be fooled by the pretty devices—the real action in security remains on the server side of the equation. Learn the tips and tricks mobile services need to adopt to keep the walls of the fort from crumbling. |
| 7 | Mobile device management | How high does MDM raise the bar for attackers, and is the investment worth it relative to the most likely attack scenarios? |
| 8 | Mobile app development security | Design and implementation guidance for developers who want to demonstrate due care in their apps. |
| 9 | Mobile payments | New services like Google Wallet represent the first large-scale use of mobile for truly sensitive data and transactions. What can we learn from the designs, published vulnerabilities, and evolving strategies of these cutting-edge offerings? |
| Appendixes | Miscellaneous | Here we also tackle some tactical topics like a mobile end-user (consumer) security checklist and a professional’s mobile pen test toolkit. |